CVE Catalog

CVE-2026-42571

Critical
Published: Translated: NVD NIST

Summary

Pelican, a platform for creating data federations, has a privilege escalation vulnerability in the Web User Interface (WebUI) in versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2. This allows authenticated users to gain admin privileges under certain configurations.

Risk Assessment

This vulnerability may lead to unauthorized access to administrative functions, posing a serious threat to data and system security.

Recommendation

It is recommended to update Pelican to versions 7.21.5, 7.22.3, 7.23.3, or 7.24.2 to mitigate this vulnerability.

Original NVD description (English source)

Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI). This attack allows any user authenticated to the WebUI via OAuth to gain admin privileges under certain configurations. This issue has been patched in versions 7.21.5, 7.22.3, 7.23.3, and 7.24.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS