Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by its-a-feature
CVE-2026-57953 (GCVE-0-2026-57953)
Vulnerability from nvd – Published: 2026-06-29 17:21 – Updated: 2026-06-29 19:40 X_Open Source
VLAI
Title
Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint
Summary
Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can exploit this misconfigured access control to create and delete automation workflows, making unauthorized modifications to operation automation configuration and EventGroups.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/its-a-feature/Mythic/releases/… | release-notes |
| https://github.com/its-a-feature/Mythic/issues/565 | issue-tracking |
| https://github.com/its-a-feature/Mythic/commit/82… | patch |
| https://www.vulncheck.com/advisories/mythic-unaut… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| its-a-feature | Mythic |
Affected:
0 , < 3.4.0.60
(custom)
|
Date Public
2026-06-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T19:40:44.410964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T19:40:50.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mythic",
"repo": "https://github.com/its-a-feature/Mythic",
"vendor": "its-a-feature",
"versions": [
{
"lessThan": "3.4.0.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can exploit this misconfigured access control to create and delete automation workflows, making unauthorized modifications to operation automation configuration and EventGroups."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T17:21:31.254Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Release Notes",
"tags": [
"release-notes"
],
"url": "https://github.com/its-a-feature/Mythic/releases/tag/v3.4.0.60"
},
{
"name": "Researcher Disclosure",
"tags": [
"issue-tracking"
],
"url": "https://github.com/its-a-feature/Mythic/issues/565"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/its-a-feature/Mythic/commit/82648e8241b800a32e1882afc310e7316d98ebaa"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mythic-unauthorized-automation-workflow-modification-via-eventing-import-automatic-webhook-endpoint"
}
],
"tags": [
"x_open-source"
],
"title": "Mythic \u003c 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-57953",
"datePublished": "2026-06-29T17:21:31.254Z",
"dateReserved": "2026-06-26T13:59:33.047Z",
"dateUpdated": "2026-06-29T19:40:50.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57952 (GCVE-0-2026-57952)
Vulnerability from nvd – Published: 2026-06-29 17:21 – Updated: 2026-06-29 18:15 X_Open Source
VLAI
Title
Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID
Summary
Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpoints with a known payload UUID from another operation to access that operation's C2 profile configuration including encryption keys and callback parameters.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/its-a-feature/Mythic/releases/… | release-notes |
| https://github.com/its-a-feature/Mythic/issues/564 | issue-tracking |
| https://github.com/its-a-feature/Mythic/commit/82… | patch |
| https://www.vulncheck.com/advisories/mythic-unaut… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| its-a-feature | Mythic |
Affected:
0 , < 3.4.0.60
(custom)
|
Date Public
2026-06-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T18:14:52.615981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T18:15:58.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mythic",
"repo": "https://github.com/its-a-feature/Mythic",
"vendor": "its-a-feature",
"versions": [
{
"lessThan": "3.4.0.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpoints with a known payload UUID from another operation to access that operation\u0027s C2 profile configuration including encryption keys and callback parameters."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T17:21:03.323Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Release Notes",
"tags": [
"release-notes"
],
"url": "https://github.com/its-a-feature/Mythic/releases/tag/v3.4.0.60"
},
{
"name": "Researcher Disclosure",
"tags": [
"issue-tracking"
],
"url": "https://github.com/its-a-feature/Mythic/issues/564"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/its-a-feature/Mythic/commit/82648e8241b800a32e1882afc310e7316d98ebaa"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mythic-unauthorized-c2-profile-configuration-access-via-unverified-payload-uuid"
}
],
"tags": [
"x_open-source"
],
"title": "Mythic \u003c 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-57952",
"datePublished": "2026-06-29T17:21:03.323Z",
"dateReserved": "2026-06-26T13:59:33.047Z",
"dateUpdated": "2026-06-29T18:15:58.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57951 (GCVE-0-2026-57951)
Vulnerability from nvd – Published: 2026-06-29 17:20 – Updated: 2026-06-29 17:20 X_Open Source
VLAI
Title
Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table
Summary
Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload_build_step to read step_stdout, step_stderr, step_name, and step_description across all operations on the server.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/its-a-feature/Mythic/releases/… | release-notes |
| https://github.com/its-a-feature/Mythic/issues/563 | issue-tracking |
| https://github.com/its-a-feature/Mythic/commit/82… | patch |
| https://www.vulncheck.com/advisories/mythic-broke… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| its-a-feature | Mythic |
Affected:
0 , < 3.4.0.60
(custom)
|
Date Public
2026-06-20 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mythic",
"repo": "https://github.com/its-a-feature/Mythic",
"vendor": "its-a-feature",
"versions": [
{
"lessThan": "3.4.0.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload_build_step to read step_stdout, step_stderr, step_name, and step_description across all operations on the server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T17:20:36.203Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Release Notes",
"tags": [
"release-notes"
],
"url": "https://github.com/its-a-feature/Mythic/releases/tag/v3.4.0.60"
},
{
"name": "Researcher Disclosure",
"tags": [
"issue-tracking"
],
"url": "https://github.com/its-a-feature/Mythic/issues/563"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/its-a-feature/Mythic/commit/82648e8241b800a32e1882afc310e7316d98ebaa"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mythic-broken-permission-filter-in-payload-build-step-table"
}
],
"tags": [
"x_open-source"
],
"title": "Mythic \u003c 3.4.0.60 - Broken Permission Filter in payload_build_step Table",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-57951",
"datePublished": "2026-06-29T17:20:36.203Z",
"dateReserved": "2026-06-26T13:57:16.356Z",
"dateUpdated": "2026-06-29T17:20:36.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57953 (GCVE-0-2026-57953)
Vulnerability from cvelistv5 – Published: 2026-06-29 17:21 – Updated: 2026-06-29 19:40 X_Open Source
VLAI
Title
Mythic < 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint
Summary
Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can exploit this misconfigured access control to create and delete automation workflows, making unauthorized modifications to operation automation configuration and EventGroups.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/its-a-feature/Mythic/releases/… | release-notes |
| https://github.com/its-a-feature/Mythic/issues/565 | issue-tracking |
| https://github.com/its-a-feature/Mythic/commit/82… | patch |
| https://www.vulncheck.com/advisories/mythic-unaut… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| its-a-feature | Mythic |
Affected:
0 , < 3.4.0.60
(custom)
|
Date Public
2026-06-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57953",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T19:40:44.410964Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T19:40:50.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mythic",
"repo": "https://github.com/its-a-feature/Mythic",
"vendor": "its-a-feature",
"versions": [
{
"lessThan": "3.4.0.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventing_import_automatic_webhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can exploit this misconfigured access control to create and delete automation workflows, making unauthorized modifications to operation automation configuration and EventGroups."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T17:21:31.254Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Release Notes",
"tags": [
"release-notes"
],
"url": "https://github.com/its-a-feature/Mythic/releases/tag/v3.4.0.60"
},
{
"name": "Researcher Disclosure",
"tags": [
"issue-tracking"
],
"url": "https://github.com/its-a-feature/Mythic/issues/565"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/its-a-feature/Mythic/commit/82648e8241b800a32e1882afc310e7316d98ebaa"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mythic-unauthorized-automation-workflow-modification-via-eventing-import-automatic-webhook-endpoint"
}
],
"tags": [
"x_open-source"
],
"title": "Mythic \u003c 3.4.0.60 - Unauthorized Automation Workflow Modification via eventing_import_automatic_webhook Endpoint",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-57953",
"datePublished": "2026-06-29T17:21:31.254Z",
"dateReserved": "2026-06-26T13:59:33.047Z",
"dateUpdated": "2026-06-29T19:40:50.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57952 (GCVE-0-2026-57952)
Vulnerability from cvelistv5 – Published: 2026-06-29 17:21 – Updated: 2026-06-29 18:15 X_Open Source
VLAI
Title
Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID
Summary
Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpoints with a known payload UUID from another operation to access that operation's C2 profile configuration including encryption keys and callback parameters.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-862 - Missing Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/its-a-feature/Mythic/releases/… | release-notes |
| https://github.com/its-a-feature/Mythic/issues/564 | issue-tracking |
| https://github.com/its-a-feature/Mythic/commit/82… | patch |
| https://www.vulncheck.com/advisories/mythic-unaut… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| its-a-feature | Mythic |
Affected:
0 , < 3.4.0.60
(custom)
|
Date Public
2026-06-20 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-29T18:14:52.615981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T18:15:58.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mythic",
"repo": "https://github.com/its-a-feature/Mythic",
"vendor": "its-a-feature",
"versions": [
{
"lessThan": "3.4.0.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpoints with a known payload UUID from another operation to access that operation\u0027s C2 profile configuration including encryption keys and callback parameters."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T17:21:03.323Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Release Notes",
"tags": [
"release-notes"
],
"url": "https://github.com/its-a-feature/Mythic/releases/tag/v3.4.0.60"
},
{
"name": "Researcher Disclosure",
"tags": [
"issue-tracking"
],
"url": "https://github.com/its-a-feature/Mythic/issues/564"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/its-a-feature/Mythic/commit/82648e8241b800a32e1882afc310e7316d98ebaa"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mythic-unauthorized-c2-profile-configuration-access-via-unverified-payload-uuid"
}
],
"tags": [
"x_open-source"
],
"title": "Mythic \u003c 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-57952",
"datePublished": "2026-06-29T17:21:03.323Z",
"dateReserved": "2026-06-26T13:59:33.047Z",
"dateUpdated": "2026-06-29T18:15:58.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-57951 (GCVE-0-2026-57951)
Vulnerability from cvelistv5 – Published: 2026-06-29 17:20 – Updated: 2026-06-29 17:20 X_Open Source
VLAI
Title
Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table
Summary
Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload_build_step to read step_stdout, step_stderr, step_name, and step_description across all operations on the server.
Severity
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/its-a-feature/Mythic/releases/… | release-notes |
| https://github.com/its-a-feature/Mythic/issues/563 | issue-tracking |
| https://github.com/its-a-feature/Mythic/commit/82… | patch |
| https://www.vulncheck.com/advisories/mythic-broke… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| its-a-feature | Mythic |
Affected:
0 , < 3.4.0.60
(custom)
|
Date Public
2026-06-20 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Mythic",
"repo": "https://github.com/its-a-feature/Mythic",
"vendor": "its-a-feature",
"versions": [
{
"lessThan": "3.4.0.60",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "George Chen"
}
],
"datePublic": "2026-06-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload_build_step to read step_stdout, step_stderr, step_name, and step_description across all operations on the server."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-29T17:20:36.203Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Release Notes",
"tags": [
"release-notes"
],
"url": "https://github.com/its-a-feature/Mythic/releases/tag/v3.4.0.60"
},
{
"name": "Researcher Disclosure",
"tags": [
"issue-tracking"
],
"url": "https://github.com/its-a-feature/Mythic/issues/563"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/its-a-feature/Mythic/commit/82648e8241b800a32e1882afc310e7316d98ebaa"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/mythic-broken-permission-filter-in-payload-build-step-table"
}
],
"tags": [
"x_open-source"
],
"title": "Mythic \u003c 3.4.0.60 - Broken Permission Filter in payload_build_step Table",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-57951",
"datePublished": "2026-06-29T17:20:36.203Z",
"dateReserved": "2026-06-26T13:57:16.356Z",
"dateUpdated": "2026-06-29T17:20:36.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}