CVE Catalog

CVE-2026-54190

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile — higher than 25% of all known CVEs

Summary

Versions of Envira Photo Gallery up to 1.12.5 have an unauthenticated broken access control vulnerability that may allow attackers to access resources they should not have access to.

Risk Assessment

Organizations may be exposed to unauthorized access to sensitive data, potentially leading to loss of confidentiality and integrity of information.

Recommendation

It is recommended to update Envira Photo Gallery to the latest version to mitigate this vulnerability and conduct an access audit.

Original NVD description (English source)

Unauthenticated Broken Access Control in Envira Photo Gallery <= 1.12.5 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS