Security Advisory

CVE-2026-23896

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-29 17:12:43

Last updated 2026-01-29 21:25:38

Assigner GitHub_M

State PUBLISHED

Description

immich is a high performance self-hosted photo and video management solution. Prior to version 2.5.0, API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system. Version 2.5.0 fixes the issue.

← Browse all CVEs View on cve.org ↗