CVE-2026-2109: Improper Authorization in jsbroks COCO Annotator
A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2026-2109 identifies an improper authorization vulnerability in the jsbroks COCO Annotator, specifically affecting versions 0.11.0 and 0.11.1. The flaw exists in the /api/undo/ endpoint within the Delete Category Handler component, where manipulation of the argument ID parameter allows an attacker to bypass authorization checks. This vulnerability can be exploited remotely without requiring authentication or user interaction, making it accessible to unauthenticated attackers over the network. The improper authorization allows unauthorized users to perform delete operations on annotation categories, potentially disrupting the integrity of datasets used for machine learning and computer vision projects. The vulnerability has a CVSS 4.0 base score of 5.3, indicating medium severity, with attack vector network (AV:N), low attack complexity (AC:L), no privileges required (PR:L), no user interaction (UI:N), and partial impact on integrity and availability (VI:L, VA:L). No confidentiality impact is noted. The vendor was contacted but did not respond, and no patches or mitigations have been officially released. A public exploit is available, increasing the risk of exploitation despite no current reports of active exploitation in the wild. This vulnerability poses a risk to organizations relying on COCO Annotator for data labeling, as unauthorized deletion or modification of categories can corrupt datasets, delay projects, and potentially lead to erroneous AI model training outcomes.
Potential Impact
For European organizations, the impact of CVE-2026-2109 can be significant in sectors relying on AI and machine learning, such as automotive, healthcare, and research institutions. Unauthorized deletion of annotation categories can compromise dataset integrity, leading to flawed model training and inaccurate AI outputs. This can result in operational delays, increased costs for data re-annotation, and potential reputational damage if AI-driven decisions are affected. The vulnerability’s remote exploitability without authentication increases the risk of attacks from external threat actors. While confidentiality is not directly impacted, the integrity and availability of critical annotation data are at risk. Organizations using COCO Annotator in collaborative environments may face disruption in workflows and data consistency. The lack of vendor response and absence of patches heighten the urgency for organizations to implement compensating controls. Given the growing adoption of open-source annotation tools in Europe’s AI ecosystem, the threat could affect a broad range of entities, from startups to large enterprises.
Mitigation Recommendations
Since no official patches are available, European organizations should implement the following specific mitigations:
1) Restrict network access to the COCO Annotator instance by implementing strict firewall rules and network segmentation to limit exposure to trusted users only.
2) Enforce strong authentication and authorization mechanisms at the application or proxy level to prevent unauthorized access to the /api/undo/ endpoint.
3) Monitor and log all API calls to /api/undo/ and related endpoints to detect anomalous or unauthorized deletion attempts promptly.
4) Employ web application firewalls (WAFs) with custom rules to detect and block suspicious manipulation of the argument ID parameter.
5) Conduct regular audits of annotation data integrity to identify unauthorized modifications early.
6) Consider deploying COCO Annotator instances in isolated environments with limited user privileges and disable or restrict undo/delete category functionalities if feasible.
7) Stay informed on vendor updates or community patches and plan for timely application once available.
8) Educate users on secure usage practices and the risks associated with this vulnerability.
These targeted measures go beyond generic advice by focusing on access control, monitoring, and operational practices tailored to the vulnerability's characteristics.
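Mitigations 2 and 3 above amount to putting an authenticating reverse proxy in front of the application and watching its access log for the undo endpoint. The script below is an added illustration of the monitoring half, not code from the advisory or from the COCO Annotator project. It assumes the proxy writes standard combined-format access logs, that the user field is "-" when no authenticated session was present, and that the category identifier travels in a query parameter named id; the log lines are constructed samples, not captured traffic. It raises two kinds of finding: an unauthenticated request to /api/undo/ that the application nevertheless answered with a 2xx status (the authorization gap the CVE describes), and a single source touching many distinct ids in a row (enumeration of categories).

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined log format as emitted by nginx or Apache (assumed; adjust the pattern
# to whatever your reverse proxy actually writes).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

UNDO_PATH = "/api/undo/"

# Constructed sample lines, not captured traffic. "-" in the user field means the
# proxy saw no authenticated session; the parameter name "id" is an assumption.
SAMPLE_LOG = """\
10.0.0.5 - alice [07/Feb/2026:19:40:01 +0000] "POST /api/undo/?id=12 HTTP/1.1" 200 51
203.0.113.9 - - [07/Feb/2026:19:41:10 +0000] "POST /api/undo/?id=13 HTTP/1.1" 200 51
203.0.113.9 - - [07/Feb/2026:19:41:11 +0000] "POST /api/undo/?id=14 HTTP/1.1" 200 51
203.0.113.9 - - [07/Feb/2026:19:41:12 +0000] "POST /api/undo/?id=15 HTTP/1.1" 200 51
10.0.0.7 - bob [07/Feb/2026:19:42:00 +0000] "GET /api/dataset/3 HTTP/1.1" 200 1203
"""


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["ids"] = parse_qs(parts.query).get("id", [])
    rec["status"] = int(rec["status"])
    return rec


def find_undo_findings(log_text, enum_threshold=3):
    """Scan access-log text for two signals on the undo endpoint:
    - a request with no authenticated user that the app still answered 2xx
      (authorization was not enforced in front of the endpoint), and
    - one source touching enum_threshold or more distinct ids (enumeration)."""
    findings = []
    ids_per_source = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != UNDO_PATH:
            continue
        ids_per_source[rec["ip"]].update(rec["ids"])
        if rec["user"] == "-" and 200 <= rec["status"] < 300:
            findings.append({"kind": "unauthenticated_undo", "ip": rec["ip"],
                             "ids": rec["ids"], "ts": rec["ts"]})
    for ip, ids in ids_per_source.items():
        if len(ids) >= enum_threshold:
            findings.append({"kind": "id_enumeration", "ip": ip,
                             "ids": sorted(ids)})
    return findings


if __name__ == "__main__":
    for finding in find_undo_findings(SAMPLE_LOG):
        print(finding)
```

Run against the samples, the unauthenticated source 203.0.113.9 is reported three times for successful anonymous undo calls and once more for touching three distinct ids, while alice's single authenticated request is not flagged. In a real deployment the "unauthenticated but 2xx" finding is the one that matters most: once the proxy enforces authentication (mitigation 2), every such line is evidence that a request reached the application without passing through that control.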
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Belgium, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-06T14:23:45.708Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69879649f9fa50a62f8fd9eb
Added to database: 2/7/2026, 7:45:13 PM
Last enriched: 2/7/2026, 7:59:34 PM
Last updated: 2/8/2026, 10:50:35 AM