Incorrect Authorization Affecting actingweb package, versions [,3.7.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsSnyk Learn
Learn about Incorrect Authorization vulnerabilities in an interactive lesson.
Start learning- Snyk IDSNYK-PYTHON-ACTINGWEB-14829719
- published1 Jan 2026
- disclosed1 Jan 2026
- creditUnknown
Introduced: 1 Jan 2026
CVE NOT AVAILABLE CWE-863 (opens in a new tab)Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade actingweb to version 3.7.0 or higher.
Overview
actingweb is a The official ActingWeb library
Affected versions of this package are vulnerable to Incorrect Authorization due to missing permission filtering in the listall method in the actingweb/handlers/properties.py. An attacker can access and list properties they are not authorized to view by making requests to the Properties listall endpoint as an authenticated peer.