diff --git a/CHANGELOG.md b/CHANGELOG.md
index 33682bd8..045da795 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,11 @@ This file is a running track of new features and fixes to each version of the pa
 
 This project follows [Semantic Versioning](http://semver.org) guidelines.
 
+## v0.5.7 (Bodacious Boreopterus)
+
+### Fixed
+* **[Security Vulnerability]** — Fixed a bug in the Server Model SQL code that was causing server access verification to evaluate to true regardless of a users access permissions.
+
 ## v0.5.6 (Bodacious Boreopterus)
 ### Added
 * Added the following languages: Estonian `et`, Dutch `nl`, Norwegian `nb` (partial), Romanian `ro`, and Russian `ru`. Interested in helping us translate the panel into more languages, or improving existing translations? Contact us on Discord and let us know.
diff --git a/app/Models/Server.php b/app/Models/Server.php
index a2f7d738..ebe8fd8b 100644
--- a/app/Models/Server.php
+++ b/app/Models/Server.php
@@ -172,8 +172,9 @@ class Server extends Model
 
 $query = self::select('servers.*', 'services.file as a_serviceFile')
 ->join('services', 'services.id', '=', 'servers.service')
- ->where('uuidShort', $uuid)
- ->orWhere('uuid', $uuid);
+ ->where(function ($q) use ($uuid) {
+ $q->where('uuidShort', $uuid)->orWhere('uuid', $uuid);
+ });
 
 if (self::$user->root_admin !== 1) {
 $query->whereIn('servers.id', Subuser::accessServers());
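Review bot: The closure passed to `where()` in app/Models/Server.php is now the only thing keeping the later `whereIn('servers.id', Subuser::accessServers())` restriction applied to both UUID alternatives, yet nothing in the code says so, and a future refactor could flatten it back into a chained `orWhere`. I would add a comment directly above it, such as `// Keep the UUID match grouped: an ungrouped orWhere is not covered by the access filter appended below.` The two columns inside the closure are also unqualified in a query that joins `services`, while the access filter uses `servers.id`. For consistency, and to avoid ambiguity if `services` ever gains a column of the same name, consider `$q->where('servers.uuidShort', $uuid)->orWhere('servers.uuid', $uuid);`. The enclosing method starts and ends outside the hunk, so I cannot tell whether a regression test covers a non-admin user without subuser access. If none exists, this fix warrants one.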