Auth bypass in Oban-bg Oban_web

CVE-2026-48592

Missing Authorization vulnerability in oban-bg oban_web ('Elixir.Oban.Web.Jobs.DetailComponent' modules) allows unauthorized job worker substitution. The handle_event("save-job", ...) handler in 'Elixir.Oban.Web.Jobs.DetailComponent' does…

Vulnerability class: Broken Access Control

EPSS: 0.001 (18.8th percentile) — read the EPSS interpretation.

Affected products

Oban-bg Oban_web — versions 2.12.0, a17bc8c31286c9d516e2892cf5483d1c95e65d6c

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related, vendor-advisory)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (related)
6b3ad84c-e1a6-4bf7-a703-f496b71e49db (patch)