The vulnerability identified as CVE-2026-24965 involves missing authorization checks in the Contest Gallery application by Wasiliy Strecker. This issue stems from improperly configured access control mechanisms, which may allow users with limited privileges to access or perform actions they should not be authorized for. The affected versions include all releases up to 28.1.1. The CVSS vector (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) indicates that the vulnerability can be exploited remotely over the network with low attack complexity, requires low privileges, no user interaction, and results in limited confidentiality impact without affecting integrity or availability.

The impact of this vulnerability is limited to a confidentiality breach where unauthorized users with some privileges might access information they should not have. There is no impact on data integrity or system availability. No known exploits have been reported in the wild, suggesting limited active exploitation at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix is currently referenced, users should monitor vendor communications for updates. In the meantime, review and tighten access control configurations to ensure proper authorization enforcement where possible.