This vulnerability in coolercontrold versions prior to 4.0.0 allows unauthenticated attackers to access and modify sensitive data through HTTP requests due to missing authentication controls on critical functions. The CVSS v3.1 base score is 5.9, reflecting local attack vector, low attack complexity, no privileges required, no user interaction, and impacts on confidentiality, integrity, and availability. The absence of authentication on critical functions represents a significant security weakness that could lead to unauthorized data exposure and modification.

An attacker with local access can exploit this vulnerability to view and modify sensitive data without authentication. This could lead to unauthorized disclosure and alteration of data, potentially affecting system integrity and availability. However, the attack requires local access, which limits the exposure compared to remote vulnerabilities.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to the affected coolercontrold service to trusted users only. Monitor for updates from CoolerControl regarding patches or mitigations.