CVE-2026-25643 – Frigate Remote Code Execution Vulnerability
“A weakness in a video surveillance platform could allow attackers to run code and gain control of monitoring systems.”
This patch addresses a critical vulnerability (CVE-2026-25643) affecting Frigate, an open-source network video recorder widely used with IP cameras for object detection and surveillance automation. The issue stems from improper validation of externally supplied input within components responsible for processing requests and integrations.
An attacker with access to a vulnerable Frigate instance could exploit the flaw by sending specially crafted requests that trigger remote code execution on the host system. Successful exploitation may allow attackers to take control of the surveillance platform, manipulate video processing functions, or access stored recordings and system data. CVE-2026-25643 carries a CVSS v3.1 score of 9.1 (Critical).
Security updates correct the unsafe input handling and strengthen request validation within affected components. Systems running vulnerable versions remain exposed to remote compromise until the patched version of Frigate is deployed.
Key Details
- Affected Product
- Frigate Frigate
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- High
- User Interaction
- None
- CWE Classification
- CWE-78