Authorization bypass through user-controlled key in eLabFTW - #VU137366
Published: July 12, 2026
eLabFTW
Detailed vulnerability description
The vulnerability allows a remote user to access another user's encrypted private signing key.
The vulnerability exists due to improper access control in the `GET /api/v2/users/{id}/sig_keys/` API endpoint when handling requests for another user's signing keys. A remote user can request the endpoint with a different user identifier to access another user's encrypted private signing key.
Exploitation requires authenticated API access, and the targeted user must have at least one active signing key.