CVE-2026-57951

Source
https://cve.org/CVERecord?id=CVE-2026-57951
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57951.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-57951
Published
2026-06-29T17:20:36.203Z
Modified
2026-07-16T03:31:01.767458158Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table
Details

Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and step_description across all operations on the server.

Database specific
{
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57951.json"
}
References

Affected packages

Git / github.com/its-a-feature/mythic

Affected ranges

Type
GIT
Repo
https://github.com/its-a-feature/mythic
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:its-a-feature:mythic:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.4.0.60"
        }
    ]
}

Affected versions

2.*
2.1.18
v0.*
v0.0.3.1
v0.0.3.10
v0.0.3.11
v0.0.3.12
v0.0.3.13
v0.0.3.14
v0.0.3.15
v0.0.3.16
v0.0.3.17
v0.0.3.18
v0.0.3.19
v0.0.3.2
v0.0.3.20
v0.0.3.21
v0.0.3.22
v0.0.3.24
v0.0.3.25
v0.0.3.26
v0.0.3.27
v0.0.3.28
v0.0.3.29
v0.0.3.3
v0.0.3.31
v0.0.3.32
v0.0.3.33
v0.0.3.34
v0.0.3.35
v0.0.3.36
v0.0.3.37
v0.0.3.38
v0.0.3.39
v0.0.3.4
v0.0.3.40
v0.0.3.41
v0.0.3.42
v0.0.3.43
v0.0.3.44
v0.0.3.45
v0.0.3.46
v0.0.3.47
v0.0.3.48
v0.0.3.49
v0.0.3.5
v0.0.3.50
v0.0.3.51
v0.0.3.52
v0.0.3.53
v0.0.3.6
v0.0.3.7
v0.0.3.8
v0.0.3.9
v2.*
v2.2.13
v2.2.14
v2.2.7
v2.3.13
v2.3.7
v2.3.9
v3.*
v3.0.0
v3.1.0
v3.2.2
v3.2.20
v3.3.0.10
v3.3.0.100
v3.3.0.101
v3.3.0.102
v3.3.0.103
v3.3.0.104
v3.3.0.105
v3.3.0.106
v3.3.0.107
v3.3.0.108
v3.3.0.109
v3.3.0.11
v3.3.0.110
v3.3.0.111
v3.3.0.112
v3.3.0.113
v3.3.0.114
v3.3.0.115
v3.3.0.116
v3.3.0.117
v3.3.0.118
v3.3.0.119
v3.3.0.12
v3.3.0.120
v3.3.0.121
v3.3.0.122
v3.3.0.123
v3.3.0.124
v3.3.0.125
v3.3.0.126
v3.3.0.127
v3.3.0.128
v3.3.0.129
v3.3.0.13
v3.3.0.130
v3.3.0.131
v3.3.0.132
v3.3.0.133
v3.3.0.135
v3.3.0.136
v3.3.0.14
v3.3.0.15
v3.3.0.16
v3.3.0.17
v3.3.0.18
v3.3.0.19
v3.3.0.2
v3.3.0.20
v3.3.0.21
v3.3.0.22
v3.3.0.23
v3.3.0.24
v3.3.0.25
v3.3.0.26
v3.3.0.27
v3.3.0.28
v3.3.0.29
v3.3.0.31
v3.3.0.32
v3.3.0.33
v3.3.0.34
v3.3.0.35
v3.3.0.36
v3.3.0.37
v3.3.0.38
v3.3.0.39
v3.3.0.4
v3.3.0.40
v3.3.0.41
v3.3.0.42
v3.3.0.43
v3.3.0.44
v3.3.0.45
v3.3.0.46
v3.3.0.47
v3.3.0.48
v3.3.0.49
v3.3.0.5
v3.3.0.51
v3.3.0.52
v3.3.0.53
v3.3.0.54
v3.3.0.55
v3.3.0.56
v3.3.0.57
v3.3.0.58
v3.3.0.59
v3.3.0.60
v3.3.0.61
v3.3.0.62
v3.3.0.63
v3.3.0.64
v3.3.0.65
v3.3.0.66
v3.3.0.67
v3.3.0.68
v3.3.0.69
v3.3.0.7
v3.3.0.70
v3.3.0.71
v3.3.0.72
v3.3.0.73
v3.3.0.74
v3.3.0.75
v3.3.0.76
v3.3.0.77
v3.3.0.78
v3.3.0.79
v3.3.0.8
v3.3.0.80
v3.3.0.81
v3.3.0.82
v3.3.0.83
v3.3.0.84
v3.3.0.85
v3.3.0.86
v3.3.0.87
v3.3.0.88
v3.3.0.89
v3.3.0.9
v3.3.0.90
v3.3.0.91
v3.3.0.92
v3.3.0.93
v3.3.0.94
v3.3.0.95
v3.3.0.96
v3.3.0.97
v3.3.0.98
v3.3.0.99
v3.4.0.0
v3.4.0.1
v3.4.0.10
v3.4.0.11
v3.4.0.13
v3.4.0.14
v3.4.0.15
v3.4.0.16
v3.4.0.17
v3.4.0.18
v3.4.0.19
v3.4.0.2
v3.4.0.20
v3.4.0.21
v3.4.0.22
v3.4.0.23
v3.4.0.24
v3.4.0.25
v3.4.0.26
v3.4.0.27
v3.4.0.28
v3.4.0.29
v3.4.0.3
v3.4.0.30
v3.4.0.31
v3.4.0.32
v3.4.0.33
v3.4.0.34
v3.4.0.35
v3.4.0.36
v3.4.0.37
v3.4.0.38
v3.4.0.39
v3.4.0.4
v3.4.0.40
v3.4.0.41
v3.4.0.42
v3.4.0.43
v3.4.0.44
v3.4.0.45
v3.4.0.46
v3.4.0.47
v3.4.0.48
v3.4.0.49
v3.4.0.5
v3.4.0.51
v3.4.0.52
v3.4.0.53
v3.4.0.54
v3.4.0.55
v3.4.0.56
v3.4.0.57
v3.4.0.58
v3.4.0.59
v3.4.0.6
v3.4.0.7
v3.4.0.8
v3.4.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57951.json"