CVE-2026-42571
CriticalSummary
Pelican, a platform for creating data federations, has a privilege escalation vulnerability in the Web User Interface (WebUI) in versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2. This allows authenticated users to gain admin privileges under certain configurations.
Risk Assessment
This vulnerability may lead to unauthorized access to administrative functions, posing a serious threat to data and system security.
Recommendation
It is recommended to update Pelican to versions 7.21.5, 7.22.3, 7.23.3, or 7.24.2 to mitigate this vulnerability.
Original NVD description (English source)
Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI). This attack allows any user authenticated to the WebUI via OAuth to gain admin privileges under certain configurations. This issue has been patched in versions 7.21.5, 7.22.3, 7.23.3, and 7.24.2.

