CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3255 vulnerabilities reference this CWE, most recent first.
CVE-2026-24134 (GCVE-0-2026-24134)
Vulnerability from cvelistv5 – Published: 2026-01-27 23:34 – Updated: 2026-01-28 15:08| URL | Tags |
|---|---|
| https://github.com/withstudiocms/studiocms/securi… | x_refsource_CONFIRM |
| https://github.com/withstudiocms/studiocms/commit… | x_refsource_MISC |
| https://github.com/withstudiocms/studiocms/releas… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| withstudiocms | studiocms |
Affected:
< 0.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24134",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-28T15:08:21.623508Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-28T15:08:38.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "studiocms",
"vendor": "withstudiocms",
"versions": [
{
"status": "affected",
"version": "\u003c 0.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the \"Visitor\" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T23:34:55.922Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-8cw6-53m5-4932",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-8cw6-53m5-4932"
},
{
"name": "https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd75463622c30dda390c50ad",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd75463622c30dda390c50ad"
},
{
"name": "https://github.com/withstudiocms/studiocms/releases/tag/studiocms%400.2.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/withstudiocms/studiocms/releases/tag/studiocms%400.2.0"
}
],
"source": {
"advisory": "GHSA-8cw6-53m5-4932",
"discovery": "UNKNOWN"
},
"title": "StudioCMS has an Authorization Bypass Through User-Controlled Key"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24134",
"datePublished": "2026-01-27T23:34:55.922Z",
"dateReserved": "2026-01-21T18:38:22.474Z",
"dateUpdated": "2026-01-28T15:08:38.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23843 (GCVE-0-2026-23843)
Vulnerability from cvelistv5 – Published: 2026-01-19 18:42 – Updated: 2026-01-20 20:05- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/sibercii6-crypto/teklifolustur… | x_refsource_CONFIRM |
| https://github.com/sibercii6-crypto/teklifolustur… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| sibercii6-crypto | teklifolustur_app |
Affected:
< dd082a134a225b8dcd401b6224eead4fb183ea1c
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T19:37:12.620630Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T20:05:43.380Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "teklifolustur_app",
"vendor": "sibercii6-crypto",
"versions": [
{
"status": "affected",
"version": "\u003c dd082a134a225b8dcd401b6224eead4fb183ea1c"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "teklifolustur_app is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference (IDOR) vulnerability exists in the offer view functionality. Authenticated users can manipulate the offer_id parameter to access offers belonging to other users. The issue is caused by missing authorization checks ensuring that the requested offer belonged to the currently authenticated user. Commit dd082a134a225b8dcd401b6224eead4fb183ea1c contains a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-19T18:42:56.765Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/sibercii6-crypto/teklifolustur_app/security/advisories/GHSA-6h9r-mmg3-cg7m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/sibercii6-crypto/teklifolustur_app/security/advisories/GHSA-6h9r-mmg3-cg7m"
},
{
"name": "https://github.com/sibercii6-crypto/teklifolustur_app/commit/dd082a134a225b8dcd401b6224eead4fb183ea1c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/sibercii6-crypto/teklifolustur_app/commit/dd082a134a225b8dcd401b6224eead4fb183ea1c"
}
],
"source": {
"advisory": "GHSA-6h9r-mmg3-cg7m",
"discovery": "UNKNOWN"
},
"title": "teklifolustur_app\u0027s IDOR vulnerability allows unauthorized access to other users\u0027 offers"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23843",
"datePublished": "2026-01-19T18:42:56.765Z",
"dateReserved": "2026-01-16T15:46:40.842Z",
"dateUpdated": "2026-01-20T20:05:43.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23754 (GCVE-0-2026-23754)
Vulnerability from cvelistv5 – Published: 2026-01-21 18:02 – Updated: 2026-05-14 02:09- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://supportannouncement.us.dlink.com/security… | vendor-advisorypatch |
| https://www.vulncheck.com/advisories/dlink-dview-… | third-party-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T15:11:04.543748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T16:50:54.833Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "D-View 8",
"vendor": "D-Link",
"versions": [
{
"lessThanOrEqual": "2.0.1.107",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlink:d-view_8:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.1.107",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kazuma Matsumoto, a security researcher at GMO Cybersecurity by IERAE, Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system."
}
],
"value": "D-Link D-View 8 versions 2.0.1.107 and below contain an improper access control vulnerability in backend API endpoints. Any authenticated user can supply an arbitrary user_id value to retrieve sensitive credential data belonging to other users, including super administrators. The exposed credential material can be reused directly as a valid authentication secret, allowing full impersonation of the targeted account. This results in complete account takeover and full administrative control over the D-View system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-14T02:09:23.656Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10471"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dlink-dview-8-idor-allows-credential-disclosure-and-account-takeover"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later.\u003cbr\u003e"
}
],
"value": "Upgrade to D-Link D-View 8 version 2.0.5.109 Beta or later."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-23754",
"datePublished": "2026-01-21T18:02:45.878Z",
"dateReserved": "2026-01-15T18:42:20.938Z",
"dateUpdated": "2026-05-14T02:09:23.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23638 (GCVE-0-2026-23638)
Vulnerability from cvelistv5 – Published: 2026-06-01 18:11 – Updated: 2026-06-01 19:04- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/kiteworks/security-advisories/… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| kiteworks | Secure Data Forms |
Affected:
< 9.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23638",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T18:59:31.552498Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T19:04:22.955Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Secure Data Forms",
"vendor": "kiteworks",
"versions": [
{
"status": "affected",
"version": "\u003c 9.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient authorization checks on resource ownership. Upgrade Kiteworks to version 9.3.0 or later to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T18:49:28.769Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-8wmh-mg2h-hf46",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kiteworks/security-advisories/security/advisories/GHSA-8wmh-mg2h-hf46"
}
],
"source": {
"advisory": "GHSA-8wmh-mg2h-hf46",
"discovery": "UNKNOWN"
},
"title": "Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23638",
"datePublished": "2026-06-01T18:11:35.851Z",
"dateReserved": "2026-01-14T16:08:37.483Z",
"dateUpdated": "2026-06-01T19:04:22.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23522 (GCVE-0-2026-23522)
Vulnerability from cvelistv5 – Published: 2026-01-19 16:53 – Updated: 2026-01-20 21:35| URL | Tags |
|---|---|
| https://github.com/lobehub/lobe-chat/security/adv… | x_refsource_CONFIRM |
| https://github.com/lobehub/lobe-chat/commit/2c176… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23522",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-20T21:35:33.327391Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-20T21:35:39.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "lobe-chat",
"vendor": "lobehub",
"versions": [
{
"status": "affected",
"version": "\u003c 2.0.0-next.193"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, `knowledgeBase.removeFilesFromKnowledgeBase` tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. `userId` filter in the database query is commented out, so it\u0027s enabling attackers to delete other users\u0027 KB files if they know the knowledge base ID and file ID. While the vulnerability is confirmed, practical exploitation requires knowing target\u0027s KB ID and target\u0027s file ID. These IDs are random and not easily enumerable. However, IDs may leak through shared links, logs, referrer headers and so on. Missing authorization check is a critical security flaw regardless. Users should upgrade to version 2.0.0-next.193 to receive a patch."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-19T16:53:32.371Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-j7xp-4mg9-x28r",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/lobehub/lobe-chat/security/advisories/GHSA-j7xp-4mg9-x28r"
},
{
"name": "https://github.com/lobehub/lobe-chat/commit/2c1762b85acb84467ed5e799afe1499cd2f912e6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/lobehub/lobe-chat/commit/2c1762b85acb84467ed5e799afe1499cd2f912e6"
}
],
"source": {
"advisory": "GHSA-j7xp-4mg9-x28r",
"discovery": "UNKNOWN"
},
"title": "Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23522",
"datePublished": "2026-01-19T16:53:32.371Z",
"dateReserved": "2026-01-13T18:22:43.980Z",
"dateUpdated": "2026-01-20T21:35:39.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23488 (GCVE-0-2026-23488)
Vulnerability from cvelistv5 – Published: 2026-03-23 20:48 – Updated: 2026-03-24 13:48- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/blinkospace/blinko/security/ad… | x_refsource_CONFIRM |
| https://github.com/blinkospace/blinko/pull/1089 | x_refsource_MISC |
| https://github.com/blinkospace/blinko/commit/4623… | x_refsource_MISC |
| https://github.com/blinkospace/blinko/releases/ta… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| blinkospace | blinko |
Affected:
< 1.8.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23488",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T13:47:27.294337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T13:48:42.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "blinko",
"vendor": "blinkospace",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note (including private notes) without authorization, even if the note has not been publicly shared. The /api/v1/comment/list endpoint has the same issue, allowing unauthorized viewing of comments on all notes. This issue has been patched in version 1.8.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T20:48:55.325Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/blinkospace/blinko/security/advisories/GHSA-84hm-vw62-472m",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blinkospace/blinko/security/advisories/GHSA-84hm-vw62-472m"
},
{
"name": "https://github.com/blinkospace/blinko/pull/1089",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blinkospace/blinko/pull/1089"
},
{
"name": "https://github.com/blinkospace/blinko/commit/4623dd02bdeed768ffa6fea4cc2f8644cbb08c5e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blinkospace/blinko/commit/4623dd02bdeed768ffa6fea4cc2f8644cbb08c5e"
},
{
"name": "https://github.com/blinkospace/blinko/releases/tag/1.8.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blinkospace/blinko/releases/tag/1.8.4"
}
],
"source": {
"advisory": "GHSA-84hm-vw62-472m",
"discovery": "UNKNOWN"
},
"title": "Blinko: multiple interfaces in the comment feature allow unauthorized access"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23488",
"datePublished": "2026-03-23T20:48:55.325Z",
"dateReserved": "2026-01-13T15:47:41.628Z",
"dateUpdated": "2026-03-24T13:48:42.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23487 (GCVE-0-2026-23487)
Vulnerability from cvelistv5 – Published: 2026-03-23 20:45 – Updated: 2026-03-24 18:46- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/blinkospace/blinko/security/ad… | x_refsource_CONFIRM |
| https://github.com/blinkospace/blinko/commit/bef6… | x_refsource_MISC |
| https://github.com/blinkospace/blinko/releases/ta… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| blinkospace | blinko |
Affected:
< 1.8.4
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23487",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-24T18:46:26.294268Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-24T18:46:32.047Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "blinko",
"vendor": "blinkospace",
"versions": [
{
"status": "affected",
"version": "\u003c 1.8.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, there is an IDOR vulnerability where user.detail Endpoint Leaks the Superadmin Token. This issue has been patched in version 1.8.4."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-23T20:45:32.635Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/blinkospace/blinko/security/advisories/GHSA-4ffv-78qx-9p66",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/blinkospace/blinko/security/advisories/GHSA-4ffv-78qx-9p66"
},
{
"name": "https://github.com/blinkospace/blinko/commit/bef6b770743e87c630db2d00d7049dabd96bfe85",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blinkospace/blinko/commit/bef6b770743e87c630db2d00d7049dabd96bfe85"
},
{
"name": "https://github.com/blinkospace/blinko/releases/tag/1.8.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/blinkospace/blinko/releases/tag/1.8.4"
}
],
"source": {
"advisory": "GHSA-4ffv-78qx-9p66",
"discovery": "UNKNOWN"
},
"title": "Blinko: IDOR - user.detail Endpoint Leaks Superadmin Token"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23487",
"datePublished": "2026-03-23T20:45:32.635Z",
"dateReserved": "2026-01-13T15:47:41.628Z",
"dateUpdated": "2026-03-24T18:46:32.047Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-23478 (GCVE-0-2026-23478)
Vulnerability from cvelistv5 – Published: 2026-01-13 21:37 – Updated: 2026-01-14 16:56| URL | Tags |
|---|---|
| https://github.com/calcom/cal.com/security/adviso… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-23478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-14T16:56:18.762218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T16:56:25.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "cal.com",
"vendor": "calcom",
"versions": [
{
"status": "affected",
"version": "\u003e= 3.1.6, \u003c 6.0.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user\u0027s account by supplying a target email address via session.update(). This vulnerability is fixed in 6.0.7."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602: Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-13T21:37:35.541Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/calcom/cal.com/security/advisories/GHSA-7hg4-x4pr-3hrg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/calcom/cal.com/security/advisories/GHSA-7hg4-x4pr-3hrg"
}
],
"source": {
"advisory": "GHSA-7hg4-x4pr-3hrg",
"discovery": "UNKNOWN"
},
"title": "Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-23478",
"datePublished": "2026-01-13T21:37:35.541Z",
"dateReserved": "2026-01-13T15:47:41.627Z",
"dateUpdated": "2026-01-14T16:56:25.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22589 (GCVE-0-2026-22589)
Vulnerability from cvelistv5 – Published: 2026-01-10 03:17 – Updated: 2026-01-12 17:32- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/spree/spree/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/spree/spree/commit/16067def6de… | x_refsource_MISC |
| https://github.com/spree/spree/commit/4c2bd62326f… | x_refsource_MISC |
| https://github.com/spree/spree/commit/d051925778f… | x_refsource_MISC |
| https://github.com/spree/spree/commit/e1cff4605eb… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22589",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T17:32:40.770165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:32:46.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/spree/spree/security/advisories/GHSA-3ghg-3787-w2xr"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "spree",
"vendor": "spree",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.2.0, \u003c 5.2.5"
},
{
"status": "affected",
"version": "\u003e= 5.1.0, \u003c 5.1.9"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.7"
},
{
"status": "affected",
"version": "\u003c 4.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Unauthenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an unauthenticated attacker to access guest address information without supplying valid credentials or session cookies. This issue has been patched in versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T03:17:58.494Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/spree/spree/security/advisories/GHSA-3ghg-3787-w2xr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/spree/spree/security/advisories/GHSA-3ghg-3787-w2xr"
},
{
"name": "https://github.com/spree/spree/commit/16067def6de8e0742d55313e83b0fbab6d2fd795",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spree/spree/commit/16067def6de8e0742d55313e83b0fbab6d2fd795"
},
{
"name": "https://github.com/spree/spree/commit/4c2bd62326fba0d846fd9e4bad2c62433829b3ad",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spree/spree/commit/4c2bd62326fba0d846fd9e4bad2c62433829b3ad"
},
{
"name": "https://github.com/spree/spree/commit/d051925778f24436b62fa8e4a6b842c72ca80a67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spree/spree/commit/d051925778f24436b62fa8e4a6b842c72ca80a67"
},
{
"name": "https://github.com/spree/spree/commit/e1cff4605eb15472904602aebaf8f2d04852d6ad",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spree/spree/commit/e1cff4605eb15472904602aebaf8f2d04852d6ad"
}
],
"source": {
"advisory": "GHSA-3ghg-3787-w2xr",
"discovery": "UNKNOWN"
},
"title": "Spree API has Unauthenticated IDOR - Guest Address"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22589",
"datePublished": "2026-01-10T03:17:58.494Z",
"dateReserved": "2026-01-07T21:50:39.532Z",
"dateUpdated": "2026-01-12T17:32:46.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22588 (GCVE-0-2026-22588)
Vulnerability from cvelistv5 – Published: 2026-01-08 20:53 – Updated: 2026-01-08 21:08- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://github.com/spree/spree/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/spree/spree/commit/02acabdce2c… | x_refsource_MISC |
| https://github.com/spree/spree/commit/17e78a91b73… | x_refsource_MISC |
| https://github.com/spree/spree/commit/b409c0fd327… | x_refsource_MISC |
| https://github.com/spree/spree/commit/d3f961c442e… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22588",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-08T21:08:29.340173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T21:08:53.049Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "spree",
"vendor": "spree",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.2.0, \u003c 5.2.5"
},
{
"status": "affected",
"version": "\u003e= 5.1.0, \u003c 5.1.9"
},
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.7"
},
{
"status": "affected",
"version": "\u003c 4.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Spree is an open source e-commerce solution built with Ruby on Rails. Prior to versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5, an Authenticated Insecure Direct Object Reference (IDOR) vulnerability was identified that allows an authenticated user to retrieve other users\u2019 address information by modifying an existing order. By editing an order they legitimately own and manipulating address identifiers in the request, the backend server accepts and processes references to addresses belonging to other users, subsequently associating those addresses with the attacker\u2019s order and returning them in the response. This issue has been patched in versions 4.10.2, 5.0.7, 5.1.9, and 5.2.5."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639: Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-08T20:53:37.110Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/spree/spree/security/advisories/GHSA-g268-72p7-9j6j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/spree/spree/security/advisories/GHSA-g268-72p7-9j6j"
},
{
"name": "https://github.com/spree/spree/commit/02acabdce2c5f14fd687335b068d901a957a7e72",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spree/spree/commit/02acabdce2c5f14fd687335b068d901a957a7e72"
},
{
"name": "https://github.com/spree/spree/commit/17e78a91b736b49dbea8d1bb1223c284383ee5f3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spree/spree/commit/17e78a91b736b49dbea8d1bb1223c284383ee5f3"
},
{
"name": "https://github.com/spree/spree/commit/b409c0fd327e7ce37f63238894670d07079eefe8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spree/spree/commit/b409c0fd327e7ce37f63238894670d07079eefe8"
},
{
"name": "https://github.com/spree/spree/commit/d3f961c442e0015661535cbd6eb22475f76d2dc7",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/spree/spree/commit/d3f961c442e0015661535cbd6eb22475f76d2dc7"
}
],
"source": {
"advisory": "GHSA-g268-72p7-9j6j",
"discovery": "UNKNOWN"
},
"title": "Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22588",
"datePublished": "2026-01-08T20:53:37.110Z",
"dateReserved": "2026-01-07T21:50:39.531Z",
"dateUpdated": "2026-01-08T21:08:53.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.