What the vulnerability does
01Description
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through <= 2.2.
Explanation of Vulnerability in Simple Terms
02Summary
WebP Conversion versions 2.2 and earlier lack proper access controls, allowing unauthenticated attackers to trigger a denial-of-service condition over the network. No user interaction is required. The vulnerability does not affect data confidentiality or integrity, only service availability.
What an attacker can do
03Attacker Capabilities
Make the service unavailable by sending network requests without authentication.
Potential impact on your site
04Site Impact
Service disruptions if WebP Conversion is used in production; attackers can degrade availability without credentials.
Conditions required to exploit
05Prerequisites
Network access to the affected system; no authentication or user interaction required.
Key dates
06Disclosure timeline
January 23, 2026
CVE published
April 28, 2026
Record updated