{"id":"CVE-2026-57951","summary":"Mythic \u003c 3.4.0.60 - Broken Permission Filter in payload_build_step Table","details":"Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied _or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload_build_step to read step_stdout, step_stderr, step_name, and step_description across all operations on the server.","modified":"2026-07-16T03:31:01.767458158Z","published":"2026-06-29T17:20:36.203Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57951.json","cna_assigner":"VulnCheck","cwe_ids":["CWE-863"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/57xxx/CVE-2026-57951.json"},{"type":"ADVISORY","url":"https://github.com/its-a-feature/Mythic/releases/tag/v3.4.0.60"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-57951"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/mythic-broken-permission-filter-in-payload-build-step-table"},{"type":"REPORT","url":"https://github.com/its-a-feature/Mythic/issues/563"},{"type":"FIX","url":"https://github.com/its-a-feature/Mythic/commit/82648e8241b800a32e1882afc310e7316d98ebaa"},{"type":"PACKAGE","url":"https://github.com/its-a-feature/Mythic"},{"type":"EVIDENCE","url":"ttps://github.com/its-a-feature/Mythic/issues/563"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/its-a-feature/mythic","events":[{"introduced":"0"},{"fixed":"29be09eef48814e01ee75a4388b1fc0caf5b1ee5"},{"fixed":"82648e8241b800a32e1882afc310e7316d98ebaa"}],"database_specific":{"source":["CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:its-a-feature:mythic:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"3.4.0.60"}]}}],"versions":["v3.4.0.59","v3.4.0.58","v3.4.0.57","v3.4.0.56","v3.4.0.55","v3.4.0.54","v3.4.0.53","v3.4.0.52","v3.4.0.51","v3.4.0.49","v3.4.0.48","v3.4.0.47","v3.4.0.46","v3.4.0.45","v3.4.0.44","v3.4.0.43","v3.4.0.42","v3.4.0.41","v3.4.0.40","v3.4.0.39","v3.4.0.38","v3.4.0.37","v3.4.0.36","v3.4.0.35","v3.4.0.34","v3.4.0.33","v3.4.0.32","v3.4.0.31","v3.4.0.30","v3.4.0.29","v3.4.0.28","v3.4.0.27","v3.4.0.26","v3.4.0.25","v3.4.0.24","v3.4.0.23","v3.4.0.22","v3.4.0.21","v3.4.0.20","v3.4.0.19","v3.4.0.18","v3.4.0.17","v3.4.0.16","v3.4.0.15","v3.4.0.14","v3.4.0.13","v3.4.0.11","v3.4.0.10","v3.4.0.9","v3.4.0.8","v3.4.0.7","v3.4.0.6","v3.4.0.5","v3.4.0.4","v3.4.0.3","v3.4.0.2","v3.4.0.1","v3.4.0.0","v3.3.0.136","v3.3.0.135","v3.3.0.133","v3.3.0.132","v3.3.0.131","v3.3.0.130","v3.3.0.129","v3.3.0.128","v3.3.0.127","v3.3.0.126","v3.3.0.125","v3.3.0.124","v3.3.0.123","v3.3.0.122","v3.3.0.121","v3.3.0.120","v3.3.0.119","v3.3.0.118","v3.3.0.117","v3.3.0.116","v3.3.0.115","v3.3.0.114","v3.3.0.113","v3.3.0.112","v3.3.0.111","v3.3.0.110","v3.3.0.109","v3.3.0.108","v3.3.0.107","v3.3.0.106","v3.3.0.105","v3.3.0.104","v3.3.0.103","v3.3.0.102","v3.3.0.101","v3.3.0.100","v3.3.0.99","v3.3.0.98","v3.3.0.97","v3.3.0.96","v3.3.0.95","v3.3.0.94","v3.3.0.93","v3.3.0.92","v3.3.0.91","v3.3.0.90","v3.3.0.89","v3.3.0.88","v3.3.0.87","v3.3.0.86","v3.3.0.85","v3.3.0.84","v3.3.0.83","v3.3.0.82","v3.3.0.81","v3.3.0.80","v3.3.0.79","v3.3.0.78","v3.3.0.77","v3.3.0.76","v3.3.0.75","v3.3.0.74","v3.3.0.73","v3.3.0.72","v3.3.0.71","v3.3.0.70","v3.3.0.69","v3.3.0.68","v3.3.0.67","v3.3.0.66","v3.3.0.65","v3.3.0.64","v3.3.0.63","v3.3.0.62","v3.3.0.61","v3.3.0.60","v3.3.0.59","v3.3.0.58","v3.3.0.57","v3.3.0.56","v3.3.0.55","v3.3.0.54","v3.3.0.53","v3.3.0.52","v3.3.0.51","v3.3.0.49","v3.3.0.48","v3.3.0.47","v3.3.0.46","v3.3.0.45","v3.3.0.44","v3.3.0.43","v3.3.0.42","v3.3.0.41","v3.3.0.40","v3.3.0.39","v3.3.0.38","v3.3.0.37","v3.3.0.36","v3.3.0.35","v3.3.0.34","v3.3.0.33","v3.3.0.32","v3.3.0.31","v3.3.0.29","v3.3.0.28","v3.3.0.27","v3.3.0.26","v3.3.0.25","v3.3.0.24","v3.3.0.23","v3.3.0.22","v3.3.0.21","v3.3.0.20","v3.3.0.19","v3.3.0.18","v3.3.0.17","v3.3.0.16","v3.3.0.15","v3.3.0.14","v3.3.0.13","v3.3.0.12","v3.3.0.11","v3.3.0.10","v3.3.0.9","v3.3.0.8","v3.3.0.7","v3.3.0.5","v3.3.0.4","v3.3.0.2","v3.2.20","v0.0.3.53","v0.0.3.52","v0.0.3.51","v0.0.3.50","v0.0.3.49","v0.0.3.48","v0.0.3.47","v0.0.3.46","v0.0.3.45","v0.0.3.44","v0.0.3.43","v0.0.3.42","v0.0.3.41","v0.0.3.40","v0.0.3.39","v0.0.3.38","v0.0.3.37","v0.0.3.36","v0.0.3.35","v0.0.3.34","v0.0.3.33","v0.0.3.32","v0.0.3.31","v0.0.3.29","v0.0.3.28","v0.0.3.27","v0.0.3.26","v0.0.3.25","v0.0.3.24","v0.0.3.22","v0.0.3.21","v0.0.3.20","v0.0.3.19","v0.0.3.18","v0.0.3.17","v0.0.3.16","v0.0.3.15","v0.0.3.14","v0.0.3.13","v0.0.3.12","v0.0.3.11","v0.0.3.10","v0.0.3.9","v0.0.3.8","v0.0.3.7","v0.0.3.6","v0.0.3.5","v0.0.3.4","v0.0.3.3","v0.0.3.2","v0.0.3.1","v3.2.2","v3.1.0","v3.0.0","v2.3.13","v2.3.9","v2.3.7","v2.2.14","v2.2.13","v2.2.7","2.1.18"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-57951.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}]}