IM
IronMonkey Threat Research

CVE-2026-16217 MEDIUM

Published: 2026-07-19 | Last Modified: 2026-07-19 | Status: Received

Description

A security vulnerability has been detected in guohongze adminset up to 0.61. Affected by this vulnerability is an unknown functionality of the file delivery/deli.py of the component Delivery Deployment Endpoint. The manipulation of the argument project_id leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Metrics

Base Score: 6.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactLOW
Integrity ImpactLOW
Availability ImpactLOW

Source: [email protected]

Type: Primary

Exploitability Score: 2.8

Impact Score: 3.4

Base Score: 6.5 (MEDIUM)

AV:N/AC:L/Au:S/C:P/I:P/A:P

Access VectorNETWORK
Access ComplexityLOW
AuthenticationSINGLE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL

Source: [email protected]

Type: Secondary

Exploitability Score: 8.0

Impact Score: 6.4

Base Score: 2.1 (LOW)

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack VectorNETWORK
Attack ComplexityLOW
Attack RequirementsNONE
Privileges RequiredLOW
User InteractionNONE
Vulnerability ConfidentialityLOW
Vulnerability IntegrityLOW
Vulnerability AvailabilityLOW
Subsequent ConfidentialityNONE
Subsequent IntegrityNONE
Subsequent AvailabilityNONE

Source: [email protected]

Type: Secondary

Weaknesses

Source Type Description
[email protected] Primary
en CWE-285
en CWE-639
Notification
Message here