What is GHSA-27hf-5x7w-h2g3?

GHSA-27hf-5x7w-h2g3 is a security advisory published by GitHub Security Advisories with High severity. Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate...

Which CVE IDs does GHSA-27hf-5x7w-h2g3 cover?

GHSA-27hf-5x7w-h2g3 covers the following CVE IDs: CVE-2026-38807. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-27hf-5x7w-h2g3?

GHSA-27hf-5x7w-h2g3 has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

GHSA-27hf-5x7w-h2g3HighCVSS 8.8

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate...

Vendor

GitHub Security Advisories

Published

May 27, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2026-38807 →

📋 Description

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-38807
https://github.com/cagexunxi/CVE/issues/1
https://github.com/advisories/GHSA-27hf-5x7w-h2g3