CVE-2026-33125

EUVD-2026-13665
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been patched in version 0.16.3.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
GitHub_MCNA
7.1 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
frigatefrigate
𝑥
< 0.16.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/blakeblackshear/frigate/releases/tag/v0.16.3
https://github.com/blakeblackshear/frigate/security/advisories/GHSA-vg28-83rp-8xx4