CVE-2026-25643

Frigate Affected by Authenticated Remote Command Execution (RCE) and Container Escape

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Versions prior to 0.16.4 contain a critical Remote Command Execution (RCE) vulnerability in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream configuration (config.yaml), allowing direct injection of system commands via the exec: directive. The go2rtc service executes these commands without restrictions. The vulnerability is exploitable only by an administrator, or by anyone when a Frigate install has been exposed to the open internet with no authentication, since that gives anyone full administrative control. The vulnerability is fixed in 0.16.4.
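For triage, the following added example (not code from Frigate, go2rtc or this advisory) checks a version string against the fixed release and lists every go2rtc stream source in a Frigate config that uses the exec: directive. It assumes streams are defined under the top-level go2rtc: key in a streams: block, uses a simple line scanner rather than a full YAML parser, and the function names and sample config are constructed for illustration.

```python
import re

FIXED = (0, 16, 4)  # first fixed Frigate release according to the advisory

def is_affected(version):
    """True if a Frigate version string such as '0.16.3' predates the fix."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums))) < FIXED

def find_exec_sources(config_text):
    """Return (line, stream, source) for each go2rtc stream source using exec:."""
    findings, section, streams_indent, stream = [], None, 0, None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()          # drop trailing comments
        body = line.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:                                 # new top-level key
            section = "go2rtc" if body == "go2rtc:" else None
        elif section == "go2rtc" and body == "streams:":
            section, streams_indent = "streams", indent
        elif section == "streams" and indent <= streams_indent:
            section = "go2rtc"                          # left the streams block
        elif section == "streams":
            if body.startswith("-"):                    # list item under a stream
                source = body[1:].strip()
            else:                                       # "name:" or "name: source"
                stream, _, source = (p.strip() for p in body.partition(":"))
            source = source.strip("\"'")
            if source.lower().startswith("exec:"):
                findings.append((lineno, stream, source))
    return findings

# Constructed sample config (not taken from the advisory).
SAMPLE = """\
go2rtc:
  streams:
    front_door:
      - rtsp://192.0.2.10:554/stream1
    garage:
      - "exec:ffmpeg -i /media/clip.mp4 -c copy -f rtsp {output}"
    side: exec:/config/custom_source.sh
cameras: {}
"""

if __name__ == "__main__":
    print("0.16.3 affected:", is_affected("0.16.3"), find_exec_sources(SAMPLE))
```

A hit is a review item rather than proof of compromise: compare each reported command against what the administrator intentionally configured.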

CVSS Version

Base Score: 9.1
CVSS Version: 3.1
Score Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References

https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25643.json
https://github.com/blakeblackshear/frigate/releases/tag/v0.16.4
https://github.com/blakeblackshear/frigate/security/advisories/GHSA-4c97-5jmr-8f6x
https://nvd.nist.gov/vuln/detail/CVE-2026-25643

Basic Information

Ecosystem
Base CVSS: 9.1
EPSS Probability: 0.00942%
EPSS Percentile: 0.75884%
Introduced Version: 0
Fix Available: 4131252a3ba4544bf7cb1468bf30bdfd932e2489
