CVE-2026-23487: Incorrect Target Role Authorization Bypass

The authorization logic incorrectly checks the role of the requested target (e.g., user record) instead of the current authenticated session context. This can lead to an IDOR (Authorization Bypass) where unprivileged users can access privileged records by requesting them. Ensure that the authorization condition verifies the role of the current requesting use

Provally Curated · Public repository · High · Medium confidence · Verified · Apache-2.0 · typescript
greprules fetch cve-2026-23487-incorrect-target-role-authorization-bypass --engine opengrep

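The pattern the rule describes, as an added TypeScript example that is not part of the rule page or of the Provally rule itself: a lookup handler that was meant to let admins (or the record's owner) read a user record, but whose check reads the role off the fetched target record instead of the caller's session. The names (Session, UserRecord, getUserVulnerable, getUserFixed) and the in-memory user table are constructed for illustration.

```typescript
// Constructed example: target-role vs. session-role authorization check.
// None of these names come from the rule or any real project.

type Role = "admin" | "user";

interface Session {
  userId: string; // authenticated caller
  role: Role;     // caller's role, established at login
}

interface UserRecord {
  id: string;
  role: Role;
  email: string;
}

// Constructed in-memory store standing in for a database.
const users: Record<string, UserRecord> = {
  u1: { id: "u1", role: "admin", email: "admin@example.invalid" },
  u2: { id: "u2", role: "user", email: "alice@example.invalid" },
  u3: { id: "u3", role: "user", email: "bob@example.invalid" },
};

// VULNERABLE: the condition inspects `target.role`, i.e. the role of the
// record being requested, which says nothing about who is asking.
// Intended rule: "admins, or the owner, may read". Actual behaviour:
// any caller may read any record whose role is "admin".
function getUserVulnerable(session: Session, targetId: string): UserRecord | null {
  const target = users[targetId];
  if (!target) return null;
  if (target.role !== "admin" && target.id !== session.userId) {
    return null; // denied
  }
  return target;
}

// FIXED: the condition is evaluated against the caller's session context.
// Only an admin session, or the record's owner, gets the record back.
function getUserFixed(session: Session, targetId: string): UserRecord | null {
  const target = users[targetId];
  if (!target) return null;
  if (session.role !== "admin" && target.id !== session.userId) {
    return null; // denied
  }
  return target;
}

// Constructed sessions used by the demonstration below.
const bobSession: Session = { userId: "u3", role: "user" };
const adminSession: Session = { userId: "u1", role: "admin" };

// Unprivileged caller asks for the admin's record: the vulnerable check
// passes (target is an admin), the fixed check denies it.
const leaked = getUserVulnerable(bobSession, "u1");   // returns the admin record
const blocked = getUserFixed(bobSession, "u1");       // returns null
console.log(`vulnerable leaked admin record: ${leaked !== null}`);
console.log(`fixed blocked admin record: ${blocked === null}`);
```

When reviewing a flagged location, the question to ask is which object the role comparison is reading from: a role taken from the object that was just loaded by the request's own identifier is a target role, and the check needs to be rewritten against the authenticated principal (the session, token claims, or `req.user` equivalent) before the lookup result is used.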

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided
