Vulnerability in Aptrs

CVE-2026-34406

APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edit_user endpoint (POST /api/auth/editus…

Vulnerability class: Mass Assignment

EPSS: 0.004 (61.6th percentile) — read the EPSS interpretation.

Affected products

Aptrs — versions < 2.0.1

Weakness classification (CWE)

CWE-915 — Improperly Controlled Modification of Dynamically-Determined Object Attributes

References

https://github.com/APTRS/APTRS/security/advisories/GHSA-gv25-wp4h-9c35 (x_refsource_CONFIRM)
https://github.com/APTRS/APTRS/commit/d1f1b3a5d1953082af8e075712ca29742e900d56 (x_refsource_MISC)
https://github.com/APTRS/APTRS/releases/tag/2.0.1 (x_refsource_MISC)