Liquidfiles <4.2.12: Priv Esc via Broken ACL in Secondary Domain Groups
CVE-2026-12673 Published on June 20, 2026

Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in a secondary domain to a Sysadmin by modifying a group in their managed secondary (non-default) group.

Vendor Advisory NVD

Weakness Type

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2026-12673 has been classified to as an AuthZ vulnerability or weakness.

Products Associated with CVE-2026-12673

Want to know whenever a new CVE is published for Liquidfiles? stack.watch will email you.

Liquidfiles

Affected Versions

liquidfiles:

Before 4.2.12 is affected.

Liquidfiles <4.2.12: Priv Esc via Broken ACL in Secondary Domain GroupsCVE-2026-12673 Published on June 20, 2026

Weakness Type

What is an AuthZ Vulnerability?

Products Associated with CVE-2026-12673

Affected Versions

Liquidfiles <4.2.12: Priv Esc via Broken ACL in Secondary Domain Groups
CVE-2026-12673 Published on June 20, 2026