CVE-2026-33470 is a medium-severity vulnerability affecting Frigate, a network video recorder (NVR) with real-time local object detection for IP cameras. This vulnerability allows low-privilege authenticated users restricted to one camera to access snapshots from other cameras. The flaw exists in Frigate version 0.17.0 and is due to two authorization issues that, when exploited, enable a restricted user to enumerate event IDs from unauthorized cameras and subsequently fetch clean snapshots for those events.
The vulnerability is classified with a CVSS score of 6.5, indicating a medium severity level. The attack vector is network-based, which means that an attacker can exploit this vulnerability remotely. The complexity of the attack is low, requiring minimal privileges and no user interaction, which increases the risk to organizations. As a result, organizations should prioritize patching this vulnerability to protect against potential unauthorized access.
Version 0.17.1 of Frigate addresses this issue, eliminating the authorization problems that allowed restricted access to snapshots. Without immediate remediation, organizations risk exposing sensitive video data from their camera systems to unauthorized users.
As of now, there is no confirmed public exploit for this vulnerability, and it has not been listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. However, the potential for exploitation remains, making it critical for organizations to monitor and remediate this issue.
Organizations should address this vulnerability in their priority patch cycle, ensuring that all instances of Frigate are upgraded to version 0.17.1 or later.
Vulnerability Details
The official CVE description outlines that in version 0.17.0, a low-privilege authenticated user can access unauthorized camera snapshots due to two authorization issues: the `/api/timeline` endpoint providing access to timeline entries beyond the caller's permission and the `/api/events/{event_id}/snapshot-clean.webp` endpoint failing to validate camera access properly. This flaw is designated as CWE-862 (Incorrect Authorization) and CWE-863 (Incorrect Authorization Logic).
The CVSS score of 6.5 indicates medium severity, with high confidentiality impact but no integrity or availability impact. Affected systems include Frigate version 0.17.0, which should be updated to version 0.17.1 to mitigate the risk.
Technical Analysis
The root cause of CVE-2026-33470 is inadequate validation of user permissions in the API endpoints. The authorization mechanism fails to restrict access to snapshots based on the user's assigned cameras. Attackers exploit this vulnerability by manipulating API requests to enumerate unauthorized camera events.
The attack vector is network-based, allowing exploitation from any host that can reach the Frigate API, including the internet if the instance is exposed there. The attack complexity is low, and attackers require only low privileges (an authenticated account limited to one camera) to initiate the attack. This vulnerability does not require user interaction, making it easier for attackers to exploit. The confidentiality impact is high, as unauthorized users can access sensitive video snapshots, while integrity and availability impacts are negligible.
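As an added illustration (not Frigate's own code), the two server-side checks that close the gaps described above: a timeline that returns only entries for the caller's cameras, and a snapshot fetch that resolves the event ID to its camera before serving anything. The event store, user grants, camera names and event IDs are constructed stand-ins.

```python
from dataclasses import dataclass

# Constructed in-memory stand-ins for Frigate's event store and per-user
# camera grants. Illustrative code only, not Frigate's implementation.
@dataclass(frozen=True)
class Event:
    id: str
    camera: str
    snapshot: bytes

EVENTS = {
    "ev-front-1": Event("ev-front-1", "front_door", b"webp:front1"),
    "ev-back-1": Event("ev-back-1", "backyard", b"webp:back1"),
    "ev-back-2": Event("ev-back-2", "backyard", b"webp:back2"),
}

# user -> set of cameras that user may view (constructed)
USER_CAMERAS = {"guest": {"front_door"}, "admin": {"front_door", "backyard"}}


class Forbidden(Exception):
    """Raised when the caller may not see the requested camera's data."""


def timeline(user: str) -> list[str]:
    """Hardened timeline: return event ids only for cameras the caller may
    view. Returning every entry and relying on the client to hide other
    cameras is what lets a restricted user enumerate event ids."""
    allowed = USER_CAMERAS.get(user, set())
    return sorted(e.id for e in EVENTS.values() if e.camera in allowed)


def snapshot_clean(user: str, event_id: str) -> bytes:
    """Hardened snapshot fetch: the event id alone says nothing about the
    camera, so the server must resolve id -> camera and check that camera
    against the caller's grants before serving the image."""
    event = EVENTS.get(event_id)
    allowed = USER_CAMERAS.get(user, set())
    # Same response for "no such event" and "not your camera", so the
    # endpoint cannot be used to confirm which event ids exist.
    if event is None or event.camera not in allowed:
        raise Forbidden(f"{user} may not access event {event_id}")
    return event.snapshot
```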
Risk & Impact Analysis
Risk to organizations includes unauthorized access to sensitive video data from IP cameras, which can lead to privacy violations and potential legal repercussions. The blast radius of this vulnerability can be significant, particularly for organizations leveraging Frigate for surveillance. If exploited, an attacker could enumerate event IDs from unauthorized cameras, compromising the confidentiality of sensitive footage.
Organizations should prioritize patching immediately to mitigate this vulnerability, especially those with Frigate deployed in environments where sensitive footage is recorded. The urgency is underscored by the medium CVSS score, which indicates that while the vulnerability is not critical, it poses a substantial risk that could be exploited by malicious actors.
Exploitation Status
| Signal | Status |
|---|---|
| Known Exploit | No |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The affected version is Frigate 0.17.0. Organizations should upgrade to version 0.17.1 or later to mitigate the risks associated with this vulnerability. If version information is missing, organizations should assume all versions prior to the vendor patch are vulnerable.
Mitigation & Remediation
To mitigate this vulnerability, organizations should upgrade to Frigate version 0.17.1 or later. In cases where an immediate upgrade is not possible, consider implementing network controls to restrict access to the affected API endpoints and monitor for any unauthorized access attempts. Organizations should also conduct a security assessment to identify any other potential vulnerabilities and ensure that their systems are adequately protected.
For further guidance on testing and securing your applications, organizations can refer to our penetration testing services.
Detection Guidance
Organizations should monitor logs for unusual access patterns, specifically requests to the `/api/timeline` and `/api/events/{event_id}/snapshot-clean.webp` endpoints. Behavioral anomalies indicative of unauthorized access, such as a user fetching snapshots for events that belong to cameras not assigned to that user, should be investigated. Network signatures can flag unusual request volumes to these endpoints, but because the snapshot URL carries only the event ID, a path-based signature cannot tell which camera an event belongs to; that determination requires correlating the event ID with its camera and with the requesting user's camera assignments.
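An added example, not from the original advisory, of the correlation such monitoring needs: each successful snapshot-clean fetch is joined against an event-to-camera index and the user's camera grants, and is flagged when the camera is outside those grants. The log format, users, camera names and event IDs are constructed; real Frigate or reverse-proxy logs will need their own regex and a real export of the events table.

```python
import re

# Constructed access log in a simplified "<ts> <user> <method> <path> <status>"
# form. Real Frigate or proxy logs differ; adapt LINE_RE to your deployment.
LOG = """\
2026-03-01T10:00:01Z guest GET /api/timeline 200
2026-03-01T10:00:02Z guest GET /api/events/ev-front-1/snapshot-clean.webp 200
2026-03-01T10:00:03Z guest GET /api/events/ev-back-1/snapshot-clean.webp 200
2026-03-01T10:00:04Z guest GET /api/events/ev-back-2/snapshot-clean.webp 200
2026-03-01T10:00:05Z guest GET /api/events/ev-back-9/snapshot-clean.webp 404
2026-03-01T10:00:06Z admin GET /api/events/ev-back-1/snapshot-clean.webp 200
"""

# Constructed stand-ins for data pulled from Frigate: the event id -> camera
# index (events table) and each user's camera grants (role configuration).
EVENT_CAMERA = {"ev-front-1": "front_door", "ev-back-1": "backyard", "ev-back-2": "backyard"}
USER_CAMERAS = {"guest": {"front_door"}, "admin": {"front_door", "backyard"}}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)
SNAPSHOT_RE = re.compile(r"^/api/events/(?P<event_id>[^/]+)/snapshot-clean\.webp$")


def find_cross_camera_access(log: str) -> list[dict]:
    """One finding per successful snapshot-clean fetch whose event belongs to
    a camera the requesting user is not assigned. The path carries only the
    event id, so the camera must be resolved from the event index; a
    path-only signature cannot make this distinction."""
    findings = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue  # only served snapshots leak data
        s = SNAPSHOT_RE.match(m["path"])
        if not s:
            continue  # timeline and other endpoints are out of scope here
        camera = EVENT_CAMERA.get(s["event_id"])
        allowed = USER_CAMERAS.get(m["user"], set())
        if camera is not None and camera not in allowed:
            findings.append({"ts": m["ts"], "user": m["user"],
                             "event_id": s["event_id"], "camera": camera})
    return findings


def cameras_reached(findings: list[dict]) -> dict[str, list[str]]:
    """Per-user sorted list of cameras reached outside their grants; more
    than one distinct event id per camera suggests the enumeration pattern."""
    out: dict[str, set[str]] = {}
    for f in findings:
        out.setdefault(f["user"], set()).add(f["camera"])
    return {u: sorted(c) for u, c in out.items()}
```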
AppSecure Threat Intelligence Insight
CVE-2026-33470 highlights a critical area of concern for organizations utilizing network video recorders (NVRs) in surveillance systems. The ability for low-privilege users to access snapshots from unauthorized cameras poses significant privacy and security risks. As such, organizations must adopt a proactive approach to vulnerability management, focusing on regular updates and security assessments.
Security teams should take this incident as a learning opportunity to enhance their security posture. Implementing robust access controls and regularly auditing user permissions can help prevent similar vulnerabilities in the future. For more insights on security best practices, consider reading our articles on penetration testing methodology and vulnerability management program design to strengthen your security measures.
By maintaining awareness of vulnerabilities like CVE-2026-33470 and implementing strategic defenses, organizations can better protect their assets and mitigate the risks associated with security breaches.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.