216.73.216.67

CVE-2026-22784

· Published 12/01/2026 19:16 · Modified 13/01/2026 14:03

Labels: CVE-2026-22784 2026-01-12CVE-2026-22784CWE-863[email protected]

Essential information

Published
12/01/2026 19:16
Modified
13/01/2026 14:03
Author
Creator
CVSS
2.3 LOW (v3) 2.3 LOW (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Lychee is a free, open-source photo-management tool. Prior to 7.1.0, an authorization vulnerability exists in Lychee's album password unlock functionality that allows users to gain possibly unauthorized access to other users' password-protected albums. When a user unlocks a password-protected public album, the system automatically unlocks ALL other public albums that share the same password, resulting in a complete authorization bypass. This vulnerability is fixed in 7.1.0.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
lychee / lychee cpe:2.3:a:lychee:lychee:<7.1.0:*:*:*:*:*:*:*

References