← voltar
CVE-2026-33326

@keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany

CVSS 4.3 MEDIUMEPSS 0.3%CWE-863
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
24 mar 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Keystone is a content management system for Node.js. Prior to version 6.5.2, {field}.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 (field-level isFilterable bypass for update and delete mutations) added checks to the where parameter in update and delete mutations however the cursor parameter in findMany was not patched and accepts the same UniqueWhere input type. This issue has been patched in version 6.5.2.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
keystonejs · keystone

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/keystonejs/keystone/security/advisories/GHSA-cgcg-q9jh-5pr2