Vulnerability key information

Vulnerability name: API Key Privilege Escalation
Vulnerability ID: GHSA-237r-x578-h5mv
Vulnerability type: CVE-2026-23896
Severity: High
Affected versions: = 2.5.0

Description
API keys can escalate their own permissions by calling the update endpoint, allowing a low-privilege API key to grant itself full administrative access to the system.

Details
The update method in api-key.service.ts allows an API key to modify its own permissions without verifying that the caller has the authority to grant those permissions.

PoC
A Python script is provided in the screenshot which demonstrates how a low-privilege API key can escalate its permissions to full system access.

Impact
Any user who can create an API key (even one with minimal permissions) can escalate that key to full administrative permissions. This allows complete account takeover and access to all user data and administrative functions.
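The missing check the advisory describes is an authority comparison: before an update endpoint stores a new permission set on an API key, it must confirm that the caller is allowed to grant every permission it asks for, and that a key is not rewriting its own grants. The following TypeScript is an added illustration written for this page, not the affected project's api-key.service.ts; the ApiKey and Caller shapes, the "admin" permission standing for the full set, and the sample data are all constructed assumptions. It shows the unchecked update beside a hardened one and a small demo that reports whether escalation occurred in each case.

```typescript
// Added illustration of the authorization check the advisory says is missing.
// Not the affected project's code; ApiKey, Caller and the permission names
// are assumptions constructed for this example.

type Permission = string;

interface ApiKey {
  id: string;
  ownerId: string;
  permissions: Set<Permission>;
}

// The principal performing the update: a logged-in user or an API key.
interface Caller {
  kind: "user" | "apiKey";
  id: string;
  permissions: Set<Permission>;
}

class AuthorizationError extends Error {}

// Vulnerable shape: the update trusts the requested permission list and never
// compares it with what the caller is itself entitled to grant.
function updateApiKeyUnchecked(key: ApiKey, requested: Permission[]): ApiKey {
  return { ...key, permissions: new Set(requested) };
}

// Authority rule used by the hardened version: a caller may only grant
// permissions it already holds ("admin" here stands for the full set), and an
// API key is never allowed to rewrite its own permission set.
function canGrant(caller: Caller, key: ApiKey, requested: Permission[]): boolean {
  if (caller.kind === "apiKey" && caller.id === key.id) return false;
  if (caller.permissions.has("admin")) return true;
  return requested.every((p) => caller.permissions.has(p));
}

// Hardened shape: refuse the update unless the caller has authority for it.
function updateApiKeyChecked(caller: Caller, key: ApiKey, requested: Permission[]): ApiKey {
  if (!canGrant(caller, key, requested)) {
    throw new AuthorizationError(
      `caller ${caller.id} may not grant [${requested.join(", ")}] to key ${key.id}`
    );
  }
  return { ...key, permissions: new Set(requested) };
}

// Constructed sample data: a read-only key, that same key acting as the caller,
// and an administrative user who owns it.
const lowPrivKey: ApiKey = { id: "key-1", ownerId: "user-1", permissions: new Set(["read"]) };
const keyAsCaller: Caller = { kind: "apiKey", id: "key-1", permissions: new Set(["read"]) };
const adminUser: Caller = { kind: "user", id: "user-1", permissions: new Set(["admin"]) };

// True when the key ends up holding "admin", i.e. escalation happened.
function escalated(key: ApiKey): boolean {
  return key.permissions.has("admin");
}

// Runs the same request through both versions and reports the outcome.
function demo(): { unchecked: boolean; checkedRejected: boolean; adminAllowed: boolean } {
  const unchecked = escalated(updateApiKeyUnchecked(lowPrivKey, ["admin"]));
  let checkedRejected = false;
  try {
    updateApiKeyChecked(keyAsCaller, lowPrivKey, ["admin"]);
  } catch (e) {
    checkedRejected = e instanceof AuthorizationError;
  }
  const adminAllowed = escalated(updateApiKeyChecked(adminUser, lowPrivKey, ["admin"]));
  return { unchecked, checkedRejected, adminAllowed };
}

console.log(demo());
```

In a real service the same rule should also be applied on key creation, and the hardened path would additionally confirm that the caller owns the key (or is an administrator) before any field is changed; the subset comparison is the part that directly closes the gap this advisory reports.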