Piwigo Missing Authorization Vulnerability - CVE-2026-27833
Reference:
CVE-2026-27833
Title:
Piwigo Missing Authorization Vulnerability
Overview:
Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0 the pwg.history.search API method in Piwigo is registered without the admin_only option allowing unauthenticated users to access the full browsing history of all gallery visitors. This issue has been patched in version 16.3.0.