GO-2026-4286
- Source
- https://pkg.go.dev/vuln/GO-2026-4286
- Import Source
- https://vuln.go.dev/ID/GO-2026-4286.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2026-4286
- Aliases
- Published
- 2026-01-12T17:39:39Z
- Modified
- 2026-03-03T04:57:51.339531Z
- Summary
- OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware in github.com/openflagr/flagr
- Details
-
OpenFlagr contains an authentication bypass vulnerability in the HTTP middleware in github.com/openflagr/flagr
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2026-4286", "review_status": "UNREVIEWED" }- References
-
- https://github.com/advisories/GHSA-rwp9-5g7q-73q3
- https://nvd.nist.gov/vuln/detail/CVE-2026-0650
- https://github.com/openflagr/flagr/commit/fe83dc87aa404a57554aa5839ac450f55c203570
- https://dreyand.rs/code%20review/golang/2026/01/03/0day-speedrun-openflagr-less-1118-authentication-bypass
- https://github.com/openflagr/flagr/releases/tag/1.1.19
- https://www.vulncheck.com/advisories/openflagr-authentication-bypass-via-prefix-whitelist-path-normalization
Affected packages
Go / github.com/openflagr/flagr
Package
- Name
- github.com/openflagr/flagr
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/openflagr/flagr