Common Weakness Enumeration

CWE-266

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CVE-2026-53902 (GCVE-0-2026-53902)

Vulnerability from cvelistv5 – Published: 2026-07-01 11:58 – Updated: 2026-07-01 13:42
Title
Privilege Escalation in MCO
Summary
MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their own group membership without proper authorization checks, allowing privilege escalation. An attacker can add themselves to arbitrary groups by supplying a valid group ID, which can be obtained via other application functionality (e.g. /customer/servlet/mco/webapi/group/picker/groups), provided they have the necessary permissions, or potentially inferred through brute-force techniques. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
  • CWE-863 - Incorrect Authorization
Impacted products
Vendor: MyComplianceOffice
Product: MCO
Version: Affected 25.3.3.1 (custom)
Credits
Hubert Decyusz (AFINE Team)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-53902",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-01T13:42:48.531051Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-01T13:42:53.914Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "MCO",
          "vendor": "MyComplianceOffice",
          "versions": [
            {
              "status": "affected",
              "version": "25.3.3.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Hubert Decyusz (AFINE Team)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "MCO does not properly enforce authorization checks in the \u003ci\u003e/customer/servlet/mco/webapi/profile-sections/group-membership\u003c/i\u003e endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege escalation.\u003cbr\u003eAn attacker can add themselves to arbitrary groups by supplying a valid group ID, which can be obtained via other application functionalities (e.g.\u0026nbsp;\u003ci\u003e/customer/servlet/mco/webapi/group/picker/groups\u003c/i\u003e), provided he has necessary permissions, or potentially inferred through brute-force techniques.\u003cbr\u003e\u003cp\u003e\u003cspan\u003e\u003cbr\u003eBecause vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1\u0026nbsp;but may also affect other versions.\u003c/span\u003e\u003c/p\u003e"
            }
          ],
          "value": "MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege escalation.\nAn attacker can add themselves to arbitrary groups by supplying a valid group ID, which can be obtained via other application functionalities (e.g.\u00a0/customer/servlet/mco/webapi/group/picker/groups), provided he has necessary permissions, or potentially inferred through brute-force techniques.\n\n\n\nBecause vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1\u00a0but may also affect other versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863 Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-01T11:58:31.205Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2026/07/CVE-2026-53902"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://mco.mycomplianceoffice.com/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Privilege Escalation in MCO",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2026-53902",
    "datePublished": "2026-07-01T11:58:31.205Z",
    "dateReserved": "2026-06-11T07:44:52.179Z",
    "dateUpdated": "2026-07-01T13:42:53.914Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-54196 (GCVE-0-2026-54196)

Vulnerability from cvelistv5 – Published: 2026-06-17 09:51 – Updated: 2026-06-17 12:16
Title
WordPress JetFormBuilder plugin <= 3.6.1 - Privilege Escalation vulnerability
Summary
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Impacted products
Vendor: Jetmonsters
Product: JetFormBuilder
Version: Affected n/a, ≤ 3.6.1 (custom)
Credits
Baikuya | Patchstack Bug Bounty Program

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54196",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T12:16:09.056272Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T12:16:17.065Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "jetformbuilder",
          "product": "JetFormBuilder",
          "vendor": "Jetmonsters",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.6.1.1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.6.1",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Baikuya | Patchstack Bug Bounty Program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Subscriber Privilege Escalation in JetFormBuilder \u003c= 3.6.1 versions."
            }
          ],
          "value": "Subscriber Privilege Escalation in JetFormBuilder \u003c= 3.6.1 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T09:51:40.708Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/jetformbuilder/vulnerability/wordpress-jetformbuilder-plugin-3-6-1-privilege-escalation-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the WordPress JetFormBuilder Plugin to the latest available version (at least 3.6.1.1)."
            }
          ],
          "value": "Update the WordPress JetFormBuilder Plugin to the latest available version (at least 3.6.1.1)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress JetFormBuilder plugin \u003c= 3.6.1 - Privilege Escalation vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-54196",
    "datePublished": "2026-06-17T09:51:40.708Z",
    "dateReserved": "2026-06-12T09:16:00.860Z",
    "dateUpdated": "2026-06-17T12:16:17.065Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-54805 (GCVE-0-2026-54805)

Vulnerability from cvelistv5 – Published: 2026-06-17 09:51 – Updated: 2026-06-17 12:11
Title
WordPress Falang multilanguage plugin <= 1.4.2 - Privilege Escalation vulnerability
Summary
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Impacted products
Vendor: sbouey
Product: Falang multilanguage
Version: Affected n/a, ≤ 1.4.2 (custom)
Credits
ParkHyunWoo | Patchstack Bug Bounty Program

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54805",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T12:10:35.997714Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T12:11:22.289Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "falang",
          "product": "Falang multilanguage",
          "vendor": "sbouey",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.4.3",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.4.2",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ParkHyunWoo | Patchstack Bug Bounty Program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Subscriber Privilege Escalation in Falang multilanguage \u003c= 1.4.2 versions."
            }
          ],
          "value": "Subscriber Privilege Escalation in Falang multilanguage \u003c= 1.4.2 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T09:51:44.457Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/falang/vulnerability/wordpress-falang-multilanguage-plugin-1-4-2-privilege-escalation-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the WordPress Falang multilanguage Plugin to the latest available version (at least 1.4.3)."
            }
          ],
          "value": "Update the WordPress Falang multilanguage Plugin to the latest available version (at least 1.4.3)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Falang multilanguage plugin \u003c= 1.4.2 - Privilege Escalation vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-54805",
    "datePublished": "2026-06-17T09:51:44.457Z",
    "dateReserved": "2026-06-16T09:21:34.477Z",
    "dateUpdated": "2026-06-17T12:11:22.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-54807 (GCVE-0-2026-54807)

Vulnerability from cvelistv5 – Published: 2026-06-17 09:51 – Updated: 2026-06-17 12:15
Title
WordPress Registration Form for WooCommerce plugin <= 1.0.9 - Privilege Escalation vulnerability
Summary
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Impacted products
Vendor: ThemeGrill
Product: Registration Form for WooCommerce
Version: Affected n/a, ≤ 1.0.9 (custom)
Credits
ParkHyunWoo | Patchstack Bug Bounty Program

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-54807",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T12:15:03.967995Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T12:15:13.929Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "registration-form-for-woocommerce",
          "product": "Registration Form for WooCommerce",
          "vendor": "ThemeGrill",
          "versions": [
            {
              "changes": [
                {
                  "at": "1.1.0",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "1.0.9",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "ParkHyunWoo | Patchstack Bug Bounty Program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Unauthenticated Privilege Escalation in Registration Form for WooCommerce \u003c= 1.0.9 versions."
            }
          ],
          "value": "Unauthenticated Privilege Escalation in Registration Form for WooCommerce \u003c= 1.0.9 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T09:51:46.082Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/registration-form-for-woocommerce/vulnerability/wordpress-registration-form-for-woocommerce-plugin-1-0-9-privilege-escalation-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the WordPress Registration Form for WooCommerce Plugin to the latest available version (at least 1.1.0)."
            }
          ],
          "value": "Update the WordPress Registration Form for WooCommerce Plugin to the latest available version (at least 1.1.0)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Registration Form for WooCommerce plugin \u003c= 1.0.9 - Privilege Escalation vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-54807",
    "datePublished": "2026-06-17T09:51:46.082Z",
    "dateReserved": "2026-06-16T09:21:34.477Z",
    "dateUpdated": "2026-06-17T12:15:13.929Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5484 (GCVE-0-2026-5484)

Vulnerability from cvelistv5 – Published: 2026-04-03 19:45 – Updated: 2026-04-08 18:52 X_Open Source
Title
BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control
Summary
A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Manipulation of the argument pages can lead to improper access controls. The attack can be launched remotely. An exploit has been made available to the public and could be used for attacks. Upgrading to version 26.03.1 addresses this issue. The patch is commit 8a59895ba063040cc8dafd82e94024c406df3d04. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Impacted products
Vendor: BookStackApp
Product: BookStack
Version: Affected 26.03; Unaffected 26.03.1
CPE: cpe:2.3:a:bookstackapp:bookstack:*:*:*:*:*:*:*:*
Credits
Ghufran Khan (VulDB User) VulDB CNA Team

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5484",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-08T18:52:37.756630Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-08T18:52:44.563Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:bookstackapp:bookstack:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Chapter Export Handler"
          ],
          "product": "BookStack",
          "vendor": "BookStackApp",
          "versions": [
            {
              "status": "affected",
              "version": "26.03"
            },
            {
              "status": "unaffected",
              "version": "26.03.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Ghufran Khan (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in BookStackApp BookStack up to 26.03. Affected is the function chapterToMarkdown of the file app/Exports/ExportFormatter.php of the component Chapter Export Handler. Executing a manipulation of the argument pages can lead to improper access controls. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 26.03.1 is able to address this issue. This patch is called 8a59895ba063040cc8dafd82e94024c406df3d04. It is advisable to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-03T19:45:12.967Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-355091 | BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/355091"
        },
        {
          "name": "VDB-355091 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/355091/cti"
        },
        {
          "name": "Submit #781762 | BookstackApp BookStack  v25.12.9 Improper Access Controls",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/781762"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/Ghufran2/CVE-Bookstack/blob/main/Permission%20Bypass%20in%20Markdown%20Chapter%20Export"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.bookstackapp.com/blog/bookstack-release-v26-03-1/"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/BookStackApp/BookStack/commit/8a59895ba063040cc8dafd82e94024c406df3d04"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/BookStackApp/BookStack/releases/tag/v26.03.1"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/BookStackApp/BookStack/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-03T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-03T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-03T15:16:40.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "BookStackApp BookStack Chapter Export ExportFormatter.php chapterToMarkdown access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5484",
    "datePublished": "2026-04-03T19:45:12.967Z",
    "dateReserved": "2026-04-03T13:10:53.751Z",
    "dateUpdated": "2026-04-08T18:52:44.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5526 (GCVE-0-2026-5526)

Vulnerability from cvelistv5 – Published: 2026-04-04 22:15 – Updated: 2026-04-06 14:51
VLAI
Title
Tenda 4G03 Pro httpd access control
Summary
A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
  • https://vuldb.com/vuln/355279 (vdb-entry)
  • https://vuldb.com/vuln/355279/cti (signature, permissions-required)
  • https://vuldb.com/submit/782052 (third-party-advisory)
  • https://www.tenda.com.cn/ (product)
Impacted products
Vendor: Tenda
Product: 4G03 Pro
Affected: 1.0
Affected: 1.1
Affected: 04.03.01.0
Affected: 04.03.01.1
Affected: 04.03.01.2
Affected: 04.03.01.3
Affected: 04.03.01.4
Affected: 04.03.01.5
Affected: 04.03.01.6
Affected: 04.03.01.7
Affected: 04.03.01.8
Affected: 04.03.01.9
Affected: 04.03.01.10
Affected: 04.03.01.11
Affected: 04.03.01.12
Affected: 04.03.01.13
Affected: 04.03.01.14
Affected: 04.03.01.15
Affected: 04.03.01.16
Affected: 04.03.01.17
Affected: 04.03.01.18
Affected: 04.03.01.19
Affected: 04.03.01.20
Affected: 04.03.01.21
Affected: 04.03.01.22
Affected: 04.03.01.23
Affected: 04.03.01.24
Affected: 04.03.01.25
Affected: 04.03.01.26
Affected: 04.03.01.27
Affected: 04.03.01.28
Affected: 04.03.01.29
Affected: 04.03.01.30
Affected: 04.03.01.31
Affected: 04.03.01.32
Affected: 04.03.01.33
Affected: 04.03.01.34
Affected: 04.03.01.35
Affected: 04.03.01.36
Affected: 04.03.01.37
Affected: 04.03.01.38
Affected: 04.03.01.39
Affected: 04.03.01.40
Affected: 04.03.01.41
Affected: 04.03.01.42
Affected: 04.03.01.43
Affected: 04.03.01.44
Affected: 04.03.01.45
Affected: 04.03.01.46
Affected: 04.03.01.47
Affected: 04.03.01.48
Affected: 04.03.01.49
Affected: 04.03.01.50
Affected: 04.03.01.51
Affected: 04.03.01.52
Affected: 04.03.01.53
Affected: 192.168.0.0
Affected: 192.168.0.1
Credits
Reporter: CoreNode (VulDB User)
Coordinator: VulDB Vulnerability Moderation Team

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5526",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-06T14:28:18.964474Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-06T14:51:31.134Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "4G03 Pro",
          "vendor": "Tenda",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "04.03.01.0"
            },
            {
              "status": "affected",
              "version": "04.03.01.1"
            },
            {
              "status": "affected",
              "version": "04.03.01.2"
            },
            {
              "status": "affected",
              "version": "04.03.01.3"
            },
            {
              "status": "affected",
              "version": "04.03.01.4"
            },
            {
              "status": "affected",
              "version": "04.03.01.5"
            },
            {
              "status": "affected",
              "version": "04.03.01.6"
            },
            {
              "status": "affected",
              "version": "04.03.01.7"
            },
            {
              "status": "affected",
              "version": "04.03.01.8"
            },
            {
              "status": "affected",
              "version": "04.03.01.9"
            },
            {
              "status": "affected",
              "version": "04.03.01.10"
            },
            {
              "status": "affected",
              "version": "04.03.01.11"
            },
            {
              "status": "affected",
              "version": "04.03.01.12"
            },
            {
              "status": "affected",
              "version": "04.03.01.13"
            },
            {
              "status": "affected",
              "version": "04.03.01.14"
            },
            {
              "status": "affected",
              "version": "04.03.01.15"
            },
            {
              "status": "affected",
              "version": "04.03.01.16"
            },
            {
              "status": "affected",
              "version": "04.03.01.17"
            },
            {
              "status": "affected",
              "version": "04.03.01.18"
            },
            {
              "status": "affected",
              "version": "04.03.01.19"
            },
            {
              "status": "affected",
              "version": "04.03.01.20"
            },
            {
              "status": "affected",
              "version": "04.03.01.21"
            },
            {
              "status": "affected",
              "version": "04.03.01.22"
            },
            {
              "status": "affected",
              "version": "04.03.01.23"
            },
            {
              "status": "affected",
              "version": "04.03.01.24"
            },
            {
              "status": "affected",
              "version": "04.03.01.25"
            },
            {
              "status": "affected",
              "version": "04.03.01.26"
            },
            {
              "status": "affected",
              "version": "04.03.01.27"
            },
            {
              "status": "affected",
              "version": "04.03.01.28"
            },
            {
              "status": "affected",
              "version": "04.03.01.29"
            },
            {
              "status": "affected",
              "version": "04.03.01.30"
            },
            {
              "status": "affected",
              "version": "04.03.01.31"
            },
            {
              "status": "affected",
              "version": "04.03.01.32"
            },
            {
              "status": "affected",
              "version": "04.03.01.33"
            },
            {
              "status": "affected",
              "version": "04.03.01.34"
            },
            {
              "status": "affected",
              "version": "04.03.01.35"
            },
            {
              "status": "affected",
              "version": "04.03.01.36"
            },
            {
              "status": "affected",
              "version": "04.03.01.37"
            },
            {
              "status": "affected",
              "version": "04.03.01.38"
            },
            {
              "status": "affected",
              "version": "04.03.01.39"
            },
            {
              "status": "affected",
              "version": "04.03.01.40"
            },
            {
              "status": "affected",
              "version": "04.03.01.41"
            },
            {
              "status": "affected",
              "version": "04.03.01.42"
            },
            {
              "status": "affected",
              "version": "04.03.01.43"
            },
            {
              "status": "affected",
              "version": "04.03.01.44"
            },
            {
              "status": "affected",
              "version": "04.03.01.45"
            },
            {
              "status": "affected",
              "version": "04.03.01.46"
            },
            {
              "status": "affected",
              "version": "04.03.01.47"
            },
            {
              "status": "affected",
              "version": "04.03.01.48"
            },
            {
              "status": "affected",
              "version": "04.03.01.49"
            },
            {
              "status": "affected",
              "version": "04.03.01.50"
            },
            {
              "status": "affected",
              "version": "04.03.01.51"
            },
            {
              "status": "affected",
              "version": "04.03.01.52"
            },
            {
              "status": "affected",
              "version": "04.03.01.53"
            },
            {
              "status": "affected",
              "version": "192.168.0.0"
            },
            {
              "status": "affected",
              "version": "192.168.0.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "CoreNode (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB Vulnerability Moderation Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A security flaw has been discovered in Tenda 4G03 Pro up to 1.0/1.1/04.03.01.53/192.168.0.1. Affected by this vulnerability is an unknown functionality of the file /bin/httpd. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-04T22:15:14.338Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-355279 | Tenda 4G03 Pro httpd access control",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/355279"
        },
        {
          "name": "VDB-355279 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/355279/cti"
        },
        {
          "name": "Submit #782052 | Tenda Tenda 4G03 Pro V1.0 V04.03.01.53 Authentication Bypass Issues",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/782052"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.tenda.com.cn/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-04T08:25:10.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Tenda 4G03 Pro httpd access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5526",
    "datePublished": "2026-04-04T22:15:14.338Z",
    "dateReserved": "2026-04-04T06:19:57.834Z",
    "dateUpdated": "2026-04-06T14:51:31.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5529 (GCVE-0-2026-5529)

Vulnerability from cvelistv5 – Published: 2026-04-05 00:15 – Updated: 2026-04-06 19:11
VLAI
Title
Dromara lamp-cloud DefUserController pageUser improper authorization
Summary
A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-285 - Improper Authorization
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
  • https://vuldb.com/vuln/355282 (vdb-entry, technical-description)
  • https://vuldb.com/vuln/355282/cti (signature, permissions-required)
  • https://vuldb.com/submit/782103 (third-party-advisory)
  • https://github.com/dromara/lamp-cloud/issues/403 (exploit, issue-tracking)
  • https://github.com/dromara/lamp-cloud/ (product)
Impacted products
Vendor: Dromara
Product: lamp-cloud
Affected: 5.8.0
Affected: 5.8.1
Credits
Reporter: aibot88 (VulDB User)
Coordinator: VulDB CNA Team

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5529",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-06T19:11:09.815617Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-06T19:11:19.646Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "DefUserController"
          ],
          "product": "lamp-cloud",
          "vendor": "Dromara",
          "versions": [
            {
              "status": "affected",
              "version": "5.8.0"
            },
            {
              "status": "affected",
              "version": "5.8.1"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "aibot88 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was detected in Dromara lamp-cloud up to 5.8.1. This vulnerability affects the function pageUser of the file /defUser/pageUser of the component DefUserController. Performing a manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-05T00:15:13.302Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-355282 | Dromara lamp-cloud DefUserController pageUser improper authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/355282"
        },
        {
          "name": "VDB-355282 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/355282/cti"
        },
        {
          "name": "Submit #782103 | Dromara lamp-cloud 5.8.1 Broken object property level authorization",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/782103"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/dromara/lamp-cloud/issues/403"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://github.com/dromara/lamp-cloud/"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-04T08:32:07.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Dromara lamp-cloud DefUserController pageUser improper authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5529",
    "datePublished": "2026-04-05T00:15:13.302Z",
    "dateReserved": "2026-04-04T06:26:51.702Z",
    "dateUpdated": "2026-04-06T19:11:19.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-5569 (GCVE-0-2026-5569)

Vulnerability from cvelistv5 – Published: 2026-04-05 13:15 – Updated: 2026-04-06 16:18
VLAI
Title
Technostrobe HI-LED-WR120-G2 Endpoint access control
Summary
A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been made public and could be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-284 - Improper Access Controls
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor: Technostrobe
Product: HI-LED-WR120-G2
Affected: 5.5.0.1R6.03.30
Credits
Reporter: shiky8 (VulDB User)
Coordinator: VulDB CNA Team

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-5569",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-06T16:17:54.054807Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-06T16:18:11.013Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "Endpoint"
          ],
          "product": "HI-LED-WR120-G2",
          "vendor": "Technostrobe",
          "versions": [
            {
              "status": "affected",
              "version": "5.5.0.1R6.03.30"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "shiky8 (VulDB User)"
        },
        {
          "lang": "en",
          "type": "coordinator",
          "value": "VulDB CNA Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Impacted is an unknown function of the file /Technostrobe/ of the component Endpoint. The manipulation results in improper access controls. The attack may be performed from remote. The exploit has been made public and could be used. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:W/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 7.5,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:W/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "Improper Access Controls",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-05T13:15:15.167Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-355339 | Technostrobe HI-LED-WR120-G2 Endpoint access control",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/vuln/355339"
        },
        {
          "name": "VDB-355339 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/355339/cti"
        },
        {
          "name": "Submit #783322 | Technostrobe HI-LED-WR120-G2 Obstruction Lighting Controller 5.5.0.1R6.03.30 Broken Access Control",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/783322"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/shiky8/my--cve-vulnerability-research/blob/main/my_VulnDB_cves/CVE-TECHNOSTROBE-01-BrokenAccessControl.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-04-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-04-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-04-04T16:46:24.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Technostrobe HI-LED-WR120-G2 Endpoint access control"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-5569",
    "datePublished": "2026-04-05T13:15:15.167Z",
    "dateReserved": "2026-04-04T14:40:50.587Z",
    "dateUpdated": "2026-04-06T16:18:11.013Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-56008 (GCVE-0-2026-56008)

Vulnerability from cvelistv5 – Published: 2026-06-26 14:52 – Updated: 2026-06-29 16:04
VLAI
Title
WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability
Summary
Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor: ThemeFusion
Product: Fusion Builder
Affected: n/a, ≤ 3.15.4 (custom)
Credits
daroo | Patchstack Bug Bounty Program

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-56008",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-29T16:04:22.774398Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-29T16:04:31.030Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "fusion-builder",
          "product": "Fusion Builder",
          "vendor": "ThemeFusion",
          "versions": [
            {
              "changes": [
                {
                  "at": "3.15.5",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "3.15.4",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "daroo | Patchstack Bug Bounty Program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Contributor Privilege Escalation in Fusion Builder \u003c= 3.15.4 versions."
            }
          ],
          "value": "Contributor Privilege Escalation in Fusion Builder \u003c= 3.15.4 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T14:52:28.955Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/fusion-builder/vulnerability/wordpress-fusion-builder-plugin-3-15-4-privilege-escalation-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the WordPress Fusion Builder Plugin to the latest available version (at least 3.15.5)."
            }
          ],
          "value": "Update the WordPress Fusion Builder Plugin to the latest available version (at least 3.15.5)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Fusion Builder plugin \u003c= 3.15.4 - Privilege Escalation vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-56008",
    "datePublished": "2026-06-26T14:52:28.955Z",
    "dateReserved": "2026-06-18T09:31:56.470Z",
    "dateUpdated": "2026-06-29T16:04:31.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-56010 (GCVE-0-2026-56010)

Vulnerability from cvelistv5 – Published: 2026-06-26 14:52 – Updated: 2026-06-26 20:18
Title
WordPress Abandoned Cart Pro for WooCommerce plugin <= 10.4.0 - Privilege Escalation vulnerability
Summary
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-266 - Incorrect Privilege Assignment
Assigner
References
Impacted products
Vendor Product Version
Tyche Softwares. Abandoned Cart Pro for WooCommerce Affected: n/a, ≤ 10.4.0 (custom)
Credits
Austin Ginder | Patchstack Bug Bounty Program

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-56010",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-26T20:13:55.235496Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-26T20:18:47.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://wordpress.org/plugins",
          "defaultStatus": "unaffected",
          "packageName": "woocommerce-abandon-cart-pro",
          "product": "Abandoned Cart Pro for WooCommerce",
          "vendor": "Tyche Softwares.",
          "versions": [
            {
              "changes": [
                {
                  "at": "10.4.1",
                  "status": "unaffected"
                }
              ],
              "lessThanOrEqual": "10.4.0",
              "status": "affected",
              "version": "n/a",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "Austin Ginder | Patchstack Bug Bounty Program"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce \u003c= 10.4.0 versions."
            }
          ],
          "value": "Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce \u003c= 10.4.0 versions."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-233",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-233 Privilege Escalation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266 Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-26T14:52:29.594Z",
        "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "shortName": "Patchstack"
      },
      "references": [
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://patchstack.com/database/wordpress/plugin/woocommerce-abandon-cart-pro/vulnerability/wordpress-abandoned-cart-pro-for-woocommerce-plugin-10-4-0-privilege-escalation-vulnerability?_s_id=cve"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Update the WordPress Abandoned Cart Pro for WooCommerce Plugin to the latest available version (at least 10.4.1)."
            }
          ],
          "value": "Update the WordPress Abandoned Cart Pro for WooCommerce Plugin to the latest available version (at least 10.4.1)."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "WordPress Abandoned Cart Pro for WooCommerce plugin \u003c= 10.4.0 - Privilege Escalation vulnerability",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
    "assignerShortName": "Patchstack",
    "cveId": "CVE-2026-56010",
    "datePublished": "2026-06-26T14:52:29.594Z",
    "dateReserved": "2026-06-18T09:31:56.471Z",
    "dateUpdated": "2026-06-26T20:18:47.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation ID: MIT-1

Phases: Architecture and Design, Operation

Description:

  • Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation ID: MIT-17

Phases: Architecture and Design, Operation

Strategy: Environment Hardening

Description:

  • Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.
