CVE-2026-50885: Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1
Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allow unauthorized attackers to access sensitive endpoints via a crafted request.
Metrics
- CVSS v3.1
- 7.5
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 1
HarborGuard Analysis
Synopsis
Incorrect access control in the share-based read endpoints of Sismics Docs (Teedy) v1.11 allows an unauthenticated, network-based attacker to reach endpoints that should be restricted, by sending a crafted HTTP request. No authentication is required, and no user interaction is needed. Successful exploitation gives the attacker read access to sensitive document data. No fix version has been published yet; HarborGuard tracks this advisory and will make a patched rebuild available as soon as an upstream fix is released.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle Teedy v1.11.
AvailableHarborGuard is capable of scoring this finding at CVSS 7.5 (HIGH) and weighting it against each environment's compliance policy, then routing the alert to the appropriate team inbox within the customer organization.
AvailableBecause no fix version has been published upstream, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment an upstream fix is released. In the meantime, customers can apply compensating controls through HarborGuard's policy engine to flag or block images containing this version.
Pending upstreamExploit Conditions
- Network reachabilityRequired
The vulnerable endpoints are exposed over the network, so the attacker must be able to reach the Teedy service via HTTP/HTTPS.
- AuthenticationNot required
No credentials or session token are needed; the attacker can send the crafted request as an anonymous caller.
- Victim interactionNot required
The attacker interacts directly with the server; no user action such as clicking a link or opening a file is required.
- Attack complexityDetail
Attack complexity is low, meaning the exploit is reliable and reproducible without depending on race conditions or specific environmental configurations.
Blast Radius
- An attacker reads documents and files stored in the Teedy instance that should be access-controlled behind share permissions.
- Sensitive endpoint responses, which may include document metadata, file contents, and user-associated records, are exposed in full.
- Because confidentiality impact is rated High and no authentication barrier exists, a single crafted request can return data across multiple restricted resources.
How HarborGuard Handles This
Available on HarborGuard: this CVE is actively tracked against all customer images containing Teedy v1.11. Because no upstream patch exists yet, HarborGuard monitors the advisory on every ingest cycle and will trigger an automatic patched-image rebuild the moment a fix version is published. For customers who opt into auto-remediation, that rebuild will be followed by a regression-test run and a PR opened against affected workloads. While waiting for an upstream fix, customers can use HarborGuard's network-policy controls to isolate the affected service from untrusted network segments, apply egress filtering on the container running Teedy, and configure compliance policies to block promotion of images containing this CVE into production environments. Where compliance policy permits, these compensating controls can be enforced automatically across affected pipelines.
- n/a / n/an/a
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N