CVE-2026-54652
blakeblackshear · Frigate
Frigate contains multiple vulnerabilities related to improper privilege management, sensitive information in logs, and insecure use of GET requests for sensitive data.
Executive summary
A high-severity vulnerability in the Frigate network video recorder allows authenticated users to potentially compromise system data and security through improper privilege management.
Vulnerability
This vulnerability encompasses improper privilege management (CWE-269), the logging of sensitive information (CWE-532), and the use of insecure GET requests for sensitive operations (CWE-598). An authenticated user can leverage these flaws to gain unauthorized access or extract sensitive data from the system.
Business impact
The combination of these flaws could lead to a complete compromise of video recording data and associated metadata. With a CVSS score of 8.1, this vulnerability poses a significant risk to the confidentiality and integrity of the surveillance environment, potentially exposing sensitive footage to unauthorized parties.
Remediation
Immediate Action: Update Frigate to the latest patched version to address the identified privilege and logging vulnerabilities.
Proactive Monitoring: Inspect application logs for any evidence of sensitive credentials or data leakage, and monitor for unusual API request patterns.
Compensating Controls: Implement strict network-level access controls to limit access to the Frigate interface to authorized personnel only, reducing the risk of exploitation by low-privileged users.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Users of Frigate should apply the latest security updates immediately to remediate these privilege management flaws. Ensuring that the application is not exposed to untrusted networks is essential to minimizing the attack surface until patches are fully deployed.