Threats Tagged 'cve-2026-48790'
View all threats tagged with 'cve-2026-48790'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-48790'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-57f6-pvx8-hwj6: turso-cli persists Turso platform JWT with world-readable (0o644) file permissionsCVE-2026-48790 0 The turso-cli tool stores the user's Turso platform JWT token in a settings.json file with world-readable file permissions (0o644) on Linux and macOS systems. This allows any local user on the same host to read the token and gain full access to the user's Turso platform organizations. The token grants capabilities such as creating or destroying databases, rotating credentials, exfiltrating data, and changing billing settings. The issue arises because the underlying Viper library defaults to 0o644 permissions for config files, and turso-cli does not override this to restrict access. A patch is available that sets the file permissions to 0o600, restricting access to the owner only. Until patched, users can manually tighten permissions on the settings file and its directory. Join the discussion | GCVE Database | 06/26/2026, 20:44:39 UTC Added: 06/26/2026, 22:04:26 UTC |
Showing 1 to 1 of 1 result