Advisory Database
  • Advisories
  • Dependency Scanning
  1. composer
  2. ›
  3. code16/sharp
  4. ›
  5. CVE-2026-53634

CVE-2026-53634: Sharp Missing Authorization Check in Quick Creation Command Endpoints

July 8, 2026

The create and store endpoints of the Quick Creation Command feature did not enforce any authorization check. An authenticated Sharp user without create permission on a given entity could bypass the authorization layer and either retrieve the creation form or submit new records for that entity, as long as it had a Quick Creation Command handler configured.

References

  • github.com/advisories/GHSA-vmwx-m75v-qvch
  • github.com/code16/sharp/commit/aa18a85fd8fef830988a336cad2278986729d21a
  • github.com/code16/sharp/pull/729
  • github.com/code16/sharp/releases/tag/v9.22.3
  • github.com/code16/sharp/security/advisories/GHSA-vmwx-m75v-qvch
  • nvd.nist.gov/vuln/detail/CVE-2026-53634

Code Behaviors & Features

Detect and mitigate CVE-2026-53634 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions starting from 9.0.0 before 9.22.3

Fixed versions

  • 9.22.3

Solution

Upgrade to version 9.22.3 or above.

Impact 4.3 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Learn more about CVSS

Weakness

  • CWE-862: Missing Authorization

Source file

packagist/code16/sharp/CVE-2026-53634.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Thu, 09 Jul 2026 00:17:41 +0000.