What is CVE-2026-42291?

CVE-2026-42291 is a medium-severity vulnerability in Syslifters Sysreptor, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 6.8/10. Published 2026-05-08.

How severe is CVE-2026-42291?

Medium severity. CVSS v3 base score is 6.8 out of 10.

Auth bypass in Syslifters Sysreptor

CVE-2026-42291

SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly authorized. This allows authenticated atta…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.000 (7.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Syslifters Sysreptor — versions >= 2026.4, < 2026.27

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-42291?: CVE-2026-42291 is a medium-severity vulnerability in Syslifters Sysreptor, classified under Authorization Bypass Through User-Controlled Key. CVSS score: 6.8/10. Published 2026-05-08.
How severe is CVE-2026-42291?: Medium severity. CVSS v3 base score is 6.8 out of 10.