CVE-2026-59093 - Weaviate < 1.38.0 - Privilege Escalation via Unchecked Permissions in RBAC Role Assignment
CVE ID :CVE-2026-59093 Published : July 2, 2026, 7:40 p.m. | 3 hours, 33 minutes ago Description :Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers...