Main Vulnerability Database Exploits ID:12759 - Exploit for Authorization bypass through user-controlled key in ZoneMinder

ID:12759 - Exploit for Authorization bypass through user-controlled key in ZoneMinder

Published: June 4, 2026

Vulnerability identifier: #VU133361

Vulnerability risk: Medium

CVE-ID: N/A

CWE-ID: CWE-639

Exploitation vector: Remote access

Vulnerable software:
ZoneMinder

Link to public exploit:

https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-vj5r-pc2v-gfwv/#poc

Vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the cross-monitor event media authorization bypass in direct event media endpoints. A remote user can retrieve private event media on the system.

Remediation

Install updates from vendor's website.

ID:12759 - Exploit for Authorization bypass through user-controlled key in ZoneMinder

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human