CVE-2026-59258 - immich < 3.0.3 Shared Album Editor Ownership Takeover via updateUser
CVE ID :CVE-2026-59258 Published : July 15, 2026, 6:16 p.m. | 17 minutes ago Description :immich before 3.0.3 contains a broken access control vulnerability in the PUT /albums/:id/user/:userId endpoint that allows shared album editors to modify member roles without owner-only restrictions....