Auth bypass in Pelicanplatform Pelican

CVE-2026-42571

Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escalation vulnerability affecting Pelican's…

Vulnerability class: Broken Access Control

EPSS: 0.000 (2.9th percentile) — read the EPSS interpretation.

Affected products

Pelicanplatform Pelican — versions >= 7.21.0, < 7.21.5, >= 7.22.0, < 7.22.3, >= 7.23.0, < 7.23.3

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)