Lyrie
Critical CVE
CVSS 9.83 sources verified·1 min read
By Lyrie Threat Intelligence·4/27/2026

CRITICAL: CVE-2026-25660 (CVSS 9.8) — ericsson codechecker

CVE: CVE-2026-25660

CVSS: 9.8 (3.1) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: CRITICAL

Status: Critical advisory

Affected

  • ericsson codechecker

Summary

CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy.

Authentication bypass occurs when the URL ends with Authentication with certain function calls.  This bypass allows assigning arbitrary permission to any user existing in CodeChecker.

This issue affects CodeChecker: through 6.27.3.

Verified Sources

References

  • https://github.com/Ericsson/codechecker/security/advisories/GHSA-4v9x-cqc5-j645

_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._

Lyrie Verdict

A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.

#ericsson#critical

Validated sources

  1. [1]NVD
  2. [2]GitHub Advisory
  3. [3]MITRE