[ixpmanager] [RELEASE] V7.3.0 - Security Updates (severity: high) , App Passwords feature, API keys modernisation, bug fixes

Barry O'Donovan (INEX) barry.odonovan at inex.ie
Tue Jun 30 19:33:47 IST 2026



INEX is pleased to announce the immediate availability of IXP Manager 
v7.3.0. This is primarily a security release following a responsible 
disclosure and subsequent internal hardening. Both issues have a high 
severity. This release also includes some bug fixes, improvements, and 
new features.

⚠️ All IXP Manager users should upgrade to v7.3.0.



Our Continuing Security Commitment & EU CRA Alignment

As IXP Manager powers critical internet infrastructure globally, 
security is core to our processes, and this is the fourth successive 
release primarily focused on security. We have also used third-party 
reporting as a catalyst to perform proactive internal audits of our 
codebase, leading to the discovery and immediate mitigation of 
additional vulnerabilities.

Also, with the European Union’s Cyber Resilience Act mandatory reporting 
requirements taking effect this September, INEX is cognisant of our 
legal role as an Open-Source Software Steward. To meet these 
obligations, we have reviewed and updated our Security Policy 
<https://github.com/inex/IXP-Manager/security/policy>.


Security Advisory: Vulnerabilities Resolved in v7.3.0

Impact: High (Privilege Escalation & Unauthorised Access)

Privilege Escalation (CVE pending) (Severity: 8.8/10) - a confirmed 
vulnerability allows an authenticated, non-administrative user to 
elevate their privileges to administrator status. This was responsibly 
disclosed.
Broken Object-Level Authorisation (CVE pending) (Severity: 8.3/10) - 
following the initial report of (1) above, our development team 
conducted a proactive internal audit. During this review, we identified 
and corrected an issue in which an authenticated user could view and 
edit a resource belonging to another user without authorisation.
Remediation: Both issues are addressed in this v7.3.0 release. Please 
upgrade to v7.3.0 as soon as possible.




Kind regards,
Barry O'Donovan
INEX



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.inex.ie/pipermail/ixpmanager/attachments/20260630/847936b0/attachment.htm>


More information about the ixpmanager mailing list