Cvat Security Vulnerabilities (CVEs)

Track 9 security vulnerabilities affecting Cvat products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

2 Critical
2 High
5 Medium
CVE-2026-23526 8.8

CVAT users with staff status can escalate their own privileges to superuser/admin level, gaining full access to all data in the CVAT instance. This af...

Jan 21, 2026
CVE-2026-23516 5.4

This cross-site scripting (XSS) vulnerability in CVAT allows attackers to execute arbitrary JavaScript in victims' browser sessions by creating malici...

Jan 21, 2026
CVE-2025-54573 4.3

CVAT versions 1.1.0 through 2.41.0 do not enforce email verification when using Basic HTTP Authentication, allowing attackers to create accounts with ...

Jul 30, 2025
CVE-2025-49135 6.5

This vulnerability in CVAT allows authenticated users with 'user' role to access other users' uploaded files during project/task backup imports by exp...

Jun 25, 2025
CVE-2025-48381 4.3

This vulnerability allows authenticated CVAT users to enumerate all task, project, label, job, and quality report IDs and names on the instance. It ca...

May 30, 2025
CVE-2025-23045 9.8

This vulnerability allows authenticated attackers to execute arbitrary code within CVAT's Nuclio function containers by exploiting unsafe serializatio...

Jan 28, 2025
CVE-2024-45393 6.4

This vulnerability in CVAT allows authenticated attackers to view webhook delivery information for any webhook on the instance, including those belong...

Sep 10, 2024
CVE-2024-37306 7.1

This is a Cross-Site Request Forgery (CSRF) vulnerability in CVAT that allows attackers to trick authenticated users into performing unauthorized data...

Jun 13, 2024
CVE-2021-45046 9.0

CVE-2021-45046 is an incomplete fix for the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j 2.15.0 that allows attackers to execute arbitrary...

Dec 14, 2021

Why Monitor Cvat Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 9+ known vulnerabilities affecting Cvat products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Cvat packages in under 60 seconds. No agents required - completely agentless scanning that works across Cvat deployments.

Free vulnerability database: Access detailed information about every Cvat CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Cvat CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions