Auth Bypass via Untrusted Data in Savane <=3.17 (CVE-2026-56355): CVE-2026-56355 June 2026

GNU Savannah Administration Savane through 3.17 uses untrusted data as part of authorization.

Vulnerability Analysis

CVE-2026-56355 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Incorrect Behavior Order

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

Products Associated with CVE-2026-56355

Want to know whenever a new CVE is published for GNU Savane? stack.watch will email you.

Auth Bypass via Untrusted Data in Savane <=3.17 (CVE-2026-56355)
CVE-2026-56355 Published on June 20, 2026

Vulnerability Analysis

Weakness Type

Incorrect Behavior Order

Products Associated with CVE-2026-56355

Affected Versions

Auth Bypass via Untrusted Data in Savane <=3.17 (CVE-2026-56355)CVE-2026-56355 Published on June 20, 2026

Vulnerability Analysis

Weakness Type

Incorrect Behavior Order

Products Associated with CVE-2026-56355

Affected Versions

Auth Bypass via Untrusted Data in Savane <=3.17 (CVE-2026-56355)
CVE-2026-56355 Published on June 20, 2026