Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection — CVE-2026-42303
GitHub · GitHub · CVE-2026-42303
ID
CVE-2026-42303
CVE-2026-42303
Date
Updated
Activity
Source
GitHub
GitHub
Vendor
GitHub
GitHub
Threat
medium
medium
CVSS
6.1
6.1
EPSS
0.00049
0.00049
Summary
### Summary Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an administrator can approve a privacy request whose identity was never verified. For erasure policies, this can result in unauthorized deletion of a data subject's records across every integration configured in the affected deployment. A related…
Product
pip: ethyca-fides
What to do
General, cautious steps (verify details in the official source):
- Review exposure and plan remediation based on risk and environment.
- Identify affected product versions in your inventory and verify whether you are impacted.
- Apply vendor patches/updates or recommended mitigations as soon as available.
- Read the official advisory for exact affected versions and remediation steps.