Description
CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. The server's authentication check is skipped for any request URL that ends with Authentication, so certain function calls can be made through such a URL without authenticating. This bypass allows assigning arbitrary permissions to any user existing in CodeChecker. This issue affects CodeChecker through 6.27.3.
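As an added illustration of the flaw class the description names (it is not CodeChecker's code and does not reproduce the project's routing), the Python model below shows a request dispatcher that waives the authentication requirement for any path whose last segment is Authentication, so a privileged function served on that endpoint can be called with no session, next to a hardened dispatcher that matches the endpoint exactly, allow-lists the functions that may run unauthenticated, and checks authorization for permission changes. The endpoint path, function names, session table and permission store are assumptions made for the example.

```python
"""
Illustrative model of a suffix-based authentication exemption (CWE-290) that
also lets an unauthenticated caller change permissions (CWE-863). Written for
this page; not CodeChecker's code. Paths, function names, the session table and
the permission store are assumptions.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed session table: token -> user name (assumed for the example).
SESSIONS = {"tok-alice": "alice"}

# Constructed permission store: user -> set of permission names.
PERMISSIONS = {"alice": {"PRODUCT_VIEW"}, "bob": set()}


@dataclass
class Request:
    path: str               # URL path, e.g. "/v6/Authentication" (assumed layout)
    method: str             # RPC-style function name, e.g. "addPermission"
    args: dict
    token: Optional[str] = None


def perform_login(args):
    # Issues a token for the named (constructed) user; legitimately unauthenticated.
    return "tok-" + args["user"]


def add_permission(args):
    # Privileged: grants a permission to an existing user.
    PERMISSIONS.setdefault(args["user"], set()).add(args["permission"])
    return True


# Both functions are served on the same endpoint; only the caller's rights differ.
ROUTES = {"performLogin": perform_login, "addPermission": add_permission}


def _current_user(req):
    return SESSIONS.get(req.token)


# --- Vulnerable dispatcher ------------------------------------------------
def dispatch_vulnerable(req: Request):
    # Flaw: the login requirement is waived for *any* path ending in
    # "Authentication", regardless of which function is then invoked.
    if not req.path.endswith("Authentication"):
        if _current_user(req) is None:
            raise PermissionError("not authenticated")
    return ROUTES[req.method](req.args)


# --- Hardened dispatcher --------------------------------------------------
AUTH_ENDPOINT = "/v6/Authentication"              # assumed exact endpoint path
UNAUTHENTICATED_FUNCTIONS = {"performLogin"}      # allow-list by function, not by path suffix
ADMIN_FUNCTIONS = {"addPermission"}


def dispatch_hardened(req: Request):
    # 1. Exact endpoint match instead of a suffix test.
    # 2. Only allow-listed functions may run without a session.
    # 3. Permission changes additionally require the SUPERUSER right.
    if req.method not in ROUTES:
        raise KeyError("unknown function")
    exempt = req.path == AUTH_ENDPOINT and req.method in UNAUTHENTICATED_FUNCTIONS
    if not exempt:
        user = _current_user(req)
        if user is None:
            raise PermissionError("not authenticated")
        if req.method in ADMIN_FUNCTIONS and "SUPERUSER" not in PERMISSIONS.get(user, set()):
            raise PermissionError("not authorized")
    return ROUTES[req.method](req.args)


def probe(dispatcher, path="/Products/demo/Authentication", token=None):
    """Try to grant SUPERUSER to 'bob' through `dispatcher`; True if it succeeded."""
    req = Request(path, "addPermission", {"user": "bob", "permission": "SUPERUSER"}, token)
    try:
        return dispatcher(req) is True
    except PermissionError:
        return False


if __name__ == "__main__":
    print("vulnerable, no session:", probe(dispatch_vulnerable))   # True
    print("hardened, no session:  ", probe(dispatch_hardened))     # False
```

The probe targets a path that merely ends with the magic segment; the vulnerable dispatcher treats it like the login endpoint and runs addPermission with no session, which is the "arbitrary permission to any existing user" outcome the description reports. The hardened form keys the exemption on the exact endpoint and the function name, and checks the caller's rights before changing permissions, so the same request fails on authentication, and a logged-in user without SUPERUSER fails on authorization.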
References
Vendor Advisory: https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645
Scores
CVSS v3.1 base score: 9.8 (Critical)
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
EPSS: 0.0041 (percentile 32.7%)
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-290 (Authentication Bypass by Spoofing), CWE-863 (Incorrect Authorization)
Status: published
Products (3)
Ericsson/CodeChecker: < 6.27.3
ericsson/codechecker: < 6.27.4
pypi/codechecker (PyPI)
Published: Apr 24, 2026
Tracked Since: Apr 24, 2026