CVE-2026-42571
Description
Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI). This attack allows any user authenticated to the WebUI via OAuth to gain admin privileges under certain configurations. This issue has been patched in versions 7.21.5, 7.22.3, 7.23.3, and 7.24.2.
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2026-42571? +
How do I check if I'm vulnerable to CVE-2026-42571? +
Related Vulnerabilities
authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, authenticated non-admin users with at …
Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.Permission(User.class, getUserId(), …
Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently …
Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 …
A Local Code Execution Vulnerability exists in the product and version listed above. The vulnerability is due to a default …
The vulnerability allows an unauthenticated attacker to access information in PAM database.