What is CVE-2026-45226?

CVE-2026-45226 is a high-severity vulnerability in Heymrun Heym, classified under Incorrect Authorization. CVSS score: 7.1/10. Published 2026-05-12.

How severe is CVE-2026-45226?

High severity. CVSS v3 base score is 7.1 out of 10.

Auth bypass in Heymrun Heym

CVE-2026-45226

Heym before 0.0.21 contains an authorization bypass vulnerability in workflow execution that allows authenticated users to execute arbitrary workflows by referencing victim workflow UUIDs without proper access validation. Attackers can cre…

Vulnerability class: Broken Access Control

EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L.

Affected products

Heymrun Heym — versions 0, 3ae3ef6a7d3609da0e910f9ed6b81e99a1661ac8

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

disclosure@vulncheck.com (release-notes)
disclosure@vulncheck.com (issue-tracking)
disclosure@vulncheck.com (patch)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-45226?: CVE-2026-45226 is a high-severity vulnerability in Heymrun Heym, classified under Incorrect Authorization. CVSS score: 7.1/10. Published 2026-05-12.
How severe is CVE-2026-45226?: High severity. CVSS v3 base score is 7.1 out of 10.