CVE-2026-24965 identifies a missing authorization vulnerability in the Contest Gallery software developed by Wasiliy Strecker. The issue stems from incorrectly configured access control security levels, which fail to properly restrict user permissions. This misconfiguration allows unauthorized users to bypass intended access restrictions, potentially enabling them to view, modify, or delete contest-related data or administrative functions within the application. The vulnerability affects all versions up to and including 28.1.1, though the exact earliest affected version is unspecified. No public exploits have been reported, and no official patches have been linked yet. The vulnerability is critical because it undermines the fundamental security principle of authorization, which is essential to protect sensitive data and maintain system integrity. Since Contest Gallery is used to manage contests and user submissions, unauthorized access could lead to data leakage, manipulation of contest results, or disruption of service. The lack of a CVSS score necessitates an independent severity assessment, which considers the ease of exploitation (likely low if no authentication is required), the scope of affected systems, and the potential impact on confidentiality and integrity. The vulnerability does not appear to require user interaction, increasing its risk profile. Organizations relying on Contest Gallery should urgently assess their exposure and prepare to apply security updates once available.

For European organizations, this vulnerability poses significant risks, especially for entities that use Contest Gallery to manage contests, competitions, or user-generated content. Unauthorized access could lead to exposure of sensitive participant data, manipulation of contest outcomes, or unauthorized administrative actions, damaging organizational reputation and trust. The integrity of contest data is critical for fairness and compliance, and any compromise could result in legal and regulatory consequences under GDPR if personal data is exposed. Availability impact appears limited but cannot be ruled out if attackers disrupt contest operations. The vulnerability could also be leveraged as a foothold for further attacks within the network if combined with other vulnerabilities. European organizations with public-facing contest platforms or those integrated with broader digital ecosystems are particularly vulnerable. The lack of known exploits provides a window for proactive mitigation, but the risk remains high due to the fundamental nature of the authorization flaw.

1. Immediately review and audit access control configurations within Contest Gallery installations to ensure proper authorization checks are enforced for all sensitive operations. 2. Restrict access to Contest Gallery administrative interfaces and sensitive contest data to trusted users only, using network segmentation and firewall rules where possible. 3. Monitor logs and user activity for unusual access patterns or unauthorized attempts to access restricted functions. 4. Implement multi-factor authentication (MFA) for all administrative accounts to reduce risk of unauthorized access. 5. Stay informed about official patches or updates from the developer and apply them promptly once released. 6. Consider deploying Web Application Firewalls (WAF) with custom rules to detect and block unauthorized access attempts targeting Contest Gallery. 7. Conduct regular security assessments and penetration testing focused on access control mechanisms. 8. Educate staff and users about the importance of secure access practices and reporting suspicious activity. 9. If possible, isolate Contest Gallery instances from critical infrastructure to limit potential lateral movement in case of compromise.