CVE-2026-11852

MEDIUM

Debusine 0.2.0-0.14.5 - Unauthenticated Artifact Relationship Manipulation

Title source: llm

Description

Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relationships between artifacts enforced no permissions checks beyond being able to see the artifacts in question.

References (3)

Core 3

Core References

https://salsa.debian.org/freexian-team/debusine/-/work_items/1499

https://salsa.debian.org/freexian-team/debusine/-/merge_requests/2836

https://salsa.debian.org/freexian-team/debusine/-/commit/98104f46dc546a27a0326d5ef728ac7f426c430a

Scores

CVSS v3 6.5

EPSS 0.0020

EPSS Percentile 9.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (1)

Debian/debusine 0.2.0 - 0.14.6

Published Jun 10, 2026

Tracked Since Jun 10, 2026