CVE-2026-7681
MEDIUM · 6.5
Early disclosure public but no PoC link, KEV absent, feed noise dominates signal.
What: Authorization bypass in jsbroks COCO Annotator ≤0.11.1 Dataset API via DatasetId parameter manipulation (CVSS 6.5 MEDIUM).
Why it matters: Public exploit disclosed; vendor unresponsive to early notification. No KEV listing yet. Chatter is automated feed aggregation (CVEnew, VulmonFeeds, security blogs) with no defender triage or working PoC confirmation visible in the posts.
Where it's seen: Automated CVE feed tweets and Bluesky repeats. No vendor advisory, no researcher deep-dive, no "I found this in the wild" signals—purely NVD replication within hours of publication.
RISK: MODERATE — Unpatched auth bypass in annotation tool; niche but accessible target; vendor silent.
AttackerKB
A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webserver/api/datasets.py of the component Dataset API. The manipulation of the argument DatasetId leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Public PoCs on GitHub (1 repo)
- cometkim/awesome-list ★ 22
My personal awesome list based on GitHub stars
Articles & coverage (14 articles)
- CVE-2026-7681 - Exploits & Severity - Feedly
This vulnerability is listed as CVE-2026-7681. The attack may be initiated remotely. In addition, an exploit is available. The vendor was
- CVE-2026-7681 jsbroks COCO Annotator Dataset API datasets.py ...
A vulnerability was found in jsbroks COCO Annotator up to 0.11.1. It has been classified as critical. Affected is an unknown code block of the
- Rocky Linux perl-XML-Parser Vital Security Patch RLSA-2026-7681
Important security update for perl-XML-Parser addressing memory corruption and denial of service in Rocky Linux 10.
- Rocky Linux security update perl-XML-Parser Critical Launch RLSA-2026-7685
- CVE-2026-27681: SAP Business Planning SQL Injection Flaw
CVE-2026-27681 is an SQL injection vulnerability in SAP Business Planning and Consolidation that enables authenticated attackers to execute crafted SQL statements, compromising data confidentiality, integrity, and availability. CVE-2026-27681 is a SQL Injection vulnerability affecting SAP Business Planning and Consolidation (BPC) and SAP
NVD details: 2 CWE · 0 vendors · 4 refs
Top posts driving the trend
@infoflowcloud · X · 5/3/2026
🚨 CVE-2026-7681 A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webser… https://t.co/tgDDCWPVKP ----- Traducción: CVE-2026-7681 Se … https://t.co/utmtNgl3sv
♥ 0 · ↻ 0 · 💬 0
@CVEnew · X · 5/3/2026
CVE-2026-7681 A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this vulnerability is an unknown functionality of the file backend/webser… https://t.co/BfBsre8NHc
♥ 0 · ↻ 0 · 💬 0
@cve.skyfleet.blue · Bluesky · 5/3/2026
CVE-2026-7681 - jsbroks COCO Annotator Dataset API datasets.py authorization CVE ID : CVE-2026-7681 Published : May 3, 2026, 5 a.m. | 1 hour, 19 minutes ago Description : A security vulnerability has been detected in jsbroks COCO Annotator up to 0.11.1. Affected by this ...
♥ 0 · ↻ 0 · 💬 0
@VulmonFeeds · X · 5/3/2026
CVE-2026-7681 Authorization Bypass in jsbroks COCO Annotator Up to 0.11.1 Dataset API https://t.co/SvjUnWGsst
♥ 0 · ↻ 0 · 💬 0