PYSEC-2026-540

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/shinken/PYSEC-2026-540.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-540
Aliases
Published
2026-06-29T11:50:33.392933Z
Modified
2026-06-29T12:15:45.045876907Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Shinken Solutions Shinken Monitoring vulnerable to Incorrect Access Control
Details

Shinken Solutions Shinken Monitoring version 2.4.3 is vulnerable to Incorrect Access Control. The SafeUnpickler class in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.

References

Affected packages

PyPI / shinken

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
2.4.3

Affected versions

2.*
2.0
2.0.1
2.0.2
2.0.3
2.2
2.4
2.4.2
2.4.3

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/shinken/PYSEC-2026-540.yaml"