CVE-2025-56333

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component

critical 9.8 CVSS 3.1

Published: Dec 29, 2025

Modified: Jan 7, 2026

Vendor: Pangolin

Product: Pangolin

Description

An issue in Fossorial fosrl/pangolin v.1.6.2 and before allows a remote attacker to escalate privileges via the 2FA component

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor	Pangolin
Product	Pangolin