PYSEC-2026-290

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/backend-ai/PYSEC-2026-290.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-290
Aliases
Published
2026-06-29T11:50:38.333670Z
Modified
2026-07-01T20:22:49.653897Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
BackendAI Missing Authentication for Critical Function
Details

Missing Authentication in the registration feature of Lablup's BackendAI allows arbitrary users to create user accounts that can access private data even when registration is disabled.

References

Affected packages

PyPI / backend-ai

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
25.16.0rc1
Fixed
25.19.0rc1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/backend-ai/PYSEC-2026-290.yaml"