CVE-2026-42303— Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42303
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fides: Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection
Source: NVD (National Vulnerability Database)
Vulnerability Description
Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletion of a data subject's records across every integration configured in the affected deployment. This vulnerability is fixed in 2.83.2.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用候选路径或通道进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Fides 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Fides是Ethyca开源的一个开源隐私工程平台,用于管理运行时环境中数据隐私请求的实现以及代码中隐私法规的执行。 Fides 2.75.0版本至2.83.2之前版本存在安全漏洞,该漏洞源于启用主体身份验证和重复隐私请求检测时,管理员可批准身份从未验证的隐私请求,可能导致未经授权删除受影响部署中每个集成的数据主体记录。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-42303
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42303
请登录查看更多情报信息。
- https://github.com/ethyca/fides/pull/7972x_refsource_MISC
- https://github.com/ethyca/fides/pull/7971x_refsource_MISC
- https://github.com/ethyca/fides/releases/tag/2.83.2x_refsource_MISC
- https://github.com/ethyca/fides/security/advisories/GHSA-qx5f-ghc2-7g5cx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2026-42303
IV. Related Vulnerabilities
Same product: fides
- CVE-2025-57817
Fides Webserver API is Vulnerable to OAuth Client Privilege - CVE-2025-57816
Fides Webserver API Rate Limiting Vulnerability in Proxied E - CVE-2025-57766
Fides's Admin UI User Password Change Does Not Invalidate Cu - CVE-2025-57815
Fides Lacks Brute-Force Protections on Authentication Endpoi - CVE-2024-52008
Password Policy Bypass Vulnerability in Fides Webserver
Same vendor: ethyca
- CVE-2025-57817
Fides Webserver API is Vulnerable to OAuth Client Privilege - CVE-2025-57816
Fides Webserver API Rate Limiting Vulnerability in Proxied E - CVE-2025-57766
Fides's Admin UI User Password Change Does Not Invalidate Cu - CVE-2025-57815
Fides Lacks Brute-Force Protections on Authentication Endpoi - CVE-2024-52008
Password Policy Bypass Vulnerability in Fides Webserver
Same weakness: CWE-288
- CVE-2026-4524
Authentication Bypass Using an Alternate Path or Channel in - CVE-2026-45109
Next.js: Middleware / Proxy bypass in App Router application - CVE-2026-44574
Next.js: Middleware / Proxy bypass through dynamic route par - CVE-2026-44575
Next.js: Middleware / Proxy bypass in App Router application - CVE-2026-40621
ELECOM多款产品 安全漏洞
V. Comments for CVE-2026-42303
No comments yet