Vulnerability in Juicedata Juicefs
CVE-2026-59092
JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the…
CVSS v3 metric
CVSS v3 base score 7.7 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H.
Affected products
- Juicedata Juicefs — versions 0, a46979cdd4082217081ee99b931ddc53d038e47a
Weakness classification (CWE)
References
- disclosure@vulncheck.com (patch)
- disclosure@vulncheck.com (technical-description)
- disclosure@vulncheck.com (issue-tracking)
- disclosure@vulncheck.com (third-party-advisory)
Frequently asked questions
- What is CVE-2026-59092?
- CVE-2026-59092 is a high-severity vulnerability in Juicedata Juicefs, classified under Active Debug Code. CVSS score: 7.7/10. Published 2026-07-02.
- How severe is CVE-2026-59092?
- High severity. CVSS v3 base score is 7.7 out of 10.