What is CVE-2026-33125?

CVE-2026-33125 is a high-severity vulnerability in Blakeblackshear Frigate, classified under Improper Authorization. CVSS score: 7.1/10. Published 2026-03-20.

How severe is CVE-2026-33125?

High severity. CVSS v3 base score is 7.1 out of 10.

Auth bypass in Blakeblackshear Frigate

CVE-2026-33125

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and aff…

EPSS: 0.001 (18.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H.

Affected products

Blakeblackshear Frigate — versions < 0.16.3

Weakness classification (CWE)

CWE-285 — Improper Authorization

References

https://github.com/blakeblackshear/frigate/security/advisories/GHSA-vg28-83rp-8xx4 (x_refsource_CONFIRM)
https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-33125?: CVE-2026-33125 is a high-severity vulnerability in Blakeblackshear Frigate, classified under Improper Authorization. CVSS score: 7.1/10. Published 2026-03-20.
How severe is CVE-2026-33125?: High severity. CVSS v3 base score is 7.1 out of 10.