What the vulnerability does
01 Description
Missing Authorization vulnerability in Zara 4 Zara 4 Image Compression zara-4 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Zara 4 Image Compression: from n/a through <= 1.2.17.2.
Explanation of Vulnerability in Simple Terms
02 Summary
Zara 4 Image Compression versions up to 1.2.17.2 lack proper authorization checks, allowing authenticated users to trigger a denial-of-service condition. An attacker with low-level account access can exhaust server resources through the image compression function without proper permission validation. This affects availability but not data confidentiality or integrity.
What an attacker can do
03 Attacker Capabilities
An authenticated user can make the site unresponsive by overloading the image compression service.
Potential impact on your site
04 Site Impact
The site may become slow or unavailable if a low-privilege user repeatedly triggers image compression.
Conditions required to exploit
05 Prerequisites
The attacker must have a low-privilege account on the site; no user interaction is required.
Key dates
06 Disclosure timeline
June 20, 2025: CVE published
April 28, 2026: Record updated