CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3255 vulnerabilities reference this CWE, most recent first.
CVE-2026-15945 (GCVE-0-2026-15945)
Vulnerability from cvelistv5 – Published: 2026-07-16 17:36 – Updated: 2026-07-17 14:00- CWE-639 - Authorization Bypass Through User-Controlled Key
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2026-15945 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2501302 | issue-trackingx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| Red Hat | Red Hat Build of Keycloak |
cpe:/a:redhat:build_keycloak: |
|
| Red Hat | Red Hat Data Grid 8 |
cpe:/a:redhat:jboss_data_grid:8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
|
| Red Hat | Red Hat Single Sign-On 7 |
cpe:/a:redhat:red_hat_single_sign_on:7 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-17T13:59:59.366659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T14:00:09.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "affected",
"packageName": "keycloak-services",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "affected",
"packageName": "rhbk-keycloak-rhel9/rhbk-keycloak-rhel9",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:build_keycloak:"
],
"defaultStatus": "affected",
"packageName": "rhbk-openshift-rhel9/rhbk-openshift-rhel9",
"product": "Red Hat Build of Keycloak",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_data_grid:8"
],
"defaultStatus": "affected",
"packageName": "keycloak-services",
"product": "Red Hat Data Grid 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "affected",
"packageName": "keycloak-services",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:red_hat_single_sign_on:7"
],
"defaultStatus": "affected",
"packageName": "keycloak-services",
"product": "Red Hat Single Sign-On 7",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "Red Hat would like to thank Paul Bottinelli (Trail of Bits) for reporting this issue."
}
],
"datePublic": "2026-07-14T15:31:04.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the group search functionality of the Keycloak server\u0027s administrative API. When Fine-Grained Admin Permissions (FGAP) v2 is enabled, a delegated administrator can bypass access restrictions to view parent groups they are not authorized to see. By searching for a child group they have permission to view, the system incorrectly returns the full details of the parent group in the response, leading to the disclosure of sensitive group attributes and configuration."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T17:36:24.856Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-15945"
},
{
"name": "RHBZ#2501302",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2501302"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-14T15:31:04.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-07-14T15:31:04.000Z",
"value": "Made public."
}
],
"title": "Keycloak-services: keycloak-services: group hierarchy search discloses hidden parent groups under fgap v2",
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-639: Authorization Bypass Through User-Controlled Key"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2026-15945",
"datePublished": "2026-07-16T17:36:24.856Z",
"dateReserved": "2026-07-16T12:26:48.913Z",
"dateUpdated": "2026-07-17T14:00:09.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15909 (GCVE-0-2026-15909)
Vulnerability from cvelistv5 – Published: 2026-07-16 00:15 – Updated: 2026-07-16 12:50| URL | Tags |
|---|---|
| https://vuldb.com/vuln/379368 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/379368/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15909 | third-party-advisory |
| https://vuldb.com/submit/844299 | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| RafyMrX | TOKO-ONLINE-ROTI |
Affected:
ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99
cpe:2.3:a:rafymrx:toko-online-roti:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-16T12:50:39.689094Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T12:50:50.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:rafymrx:toko-online-roti:*:*:*:*:*:*:*:*"
],
"product": "TOKO-ONLINE-ROTI",
"vendor": "RafyMrX",
"versions": [
{
"status": "affected",
"version": "ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dest1ny_2 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected is an unknown function of the file proses/add.php. The manipulation of the argument kd_cs leads to authorization bypass. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-16T00:15:07.201Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-379368 | RafyMrX TOKO-ONLINE-ROTI add.php authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/379368"
},
{
"name": "VDB-379368 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/379368/cti"
},
{
"name": "CVE-2026-15909 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15909"
},
{
"name": "Submit #844299 | RafyMrX TOKO-ONLINE-ROTI latest (2026-06, no formal release) Input Validation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/844299"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-15T21:27:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "RafyMrX TOKO-ONLINE-ROTI add.php authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15909",
"datePublished": "2026-07-16T00:15:07.201Z",
"dateReserved": "2026-07-15T19:22:26.317Z",
"dateUpdated": "2026-07-16T12:50:50.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15637 (GCVE-0-2026-15637)
Vulnerability from cvelistv5 – Published: 2026-07-14 18:05 – Updated: 2026-07-15 14:40- CWE-639 - Authorization bypass through User-Controlled key
| Vendor | Product | Version | |
|---|---|---|---|
| Devolutions | Server |
Affected:
0 , < 2026.1.23
(custom)
Affected: 0 , < 2026.2.12 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-15637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T14:40:33.808778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T14:40:46.594Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Server",
"vendor": "Devolutions",
"versions": [
{
"lessThan": "2026.1.23",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2026.2.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authorization in the PAM SSH key and certificate retrieval \nendpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an \nauthenticated low-privileged user to disclose the private key of an SSH \nkey or certificate PAM credential via a direct object reference to the \ncredential identifier."
}
],
"value": "Improper authorization in the PAM SSH key and certificate retrieval \nendpoints in Devolutions Server 2026.2.11, 2026.1.22 allows an \nauthenticated low-privileged user to disclose the private key of an SSH \nkey or certificate PAM credential via a direct object reference to the \ncredential identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization bypass through User-Controlled key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T18:05:34.963Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2026-0024/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2026-15637",
"datePublished": "2026-07-14T18:05:34.963Z",
"dateReserved": "2026-07-13T18:17:50.907Z",
"dateUpdated": "2026-07-15T14:40:46.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15622 (GCVE-0-2026-15622)
Vulnerability from cvelistv5 – Published: 2026-07-14 01:15 – Updated: 2026-07-14 12:36 X_Open Source| URL | Tags |
|---|---|
| https://vuldb.com/vuln/378125 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/378125/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15622 | third-party-advisory |
| https://vuldb.com/submit/855797 | third-party-advisory |
| https://github.com/poco-ai/poco-claw/issues/133 | exploitissue-tracking |
| https://github.com/poco-ai/poco-claw/pull/135 | exploitissue-trackingpatch |
| https://github.com/poco-ai/poco-claw/commit/67fcc… | exploitpatch |
| https://github.com/poco-ai/poco-claw/ | exploitproduct |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15622",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T12:35:57.855937Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:36:09.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:poco-ai:poco-claw:*:*:*:*:*:*:*:*"
],
"modules": [
"Workspace API"
],
"product": "poco-claw",
"vendor": "poco-ai",
"versions": [
{
"status": "affected",
"version": "0.5.0"
},
{
"status": "affected",
"version": "0.5.1"
},
{
"status": "affected",
"version": "0.5.2"
},
{
"status": "affected",
"version": "0.5.3"
},
{
"status": "affected",
"version": "0.5.4"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Eric-b (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in poco-ai poco-claw up to 0.5.4. Affected is the function get_workspace_file of the file executor_manager/app/api/v1/workspace.py of the component Workspace API. Executing a manipulation of the argument user_id can lead to authorization bypass. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 67fcc88505c57f77d3fcf04eb5b89425b10cbf48. Upgrading the affected component is recommended."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T01:15:13.193Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-378125 | poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/378125"
},
{
"name": "VDB-378125 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/378125/cti"
},
{
"name": "CVE-2026-15622 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15622"
},
{
"name": "Submit #855797 | Poco AI poco-agent 0.5.4 Authorization Bypass Through User-Controlled Key (CWE-639)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/855797"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/poco-ai/poco-claw/issues/133"
},
{
"tags": [
"exploit",
"issue-tracking",
"patch"
],
"url": "https://github.com/poco-ai/poco-claw/pull/135"
},
{
"tags": [
"exploit",
"patch"
],
"url": "https://github.com/poco-ai/poco-claw/commit/67fcc88505c57f77d3fcf04eb5b89425b10cbf48"
},
{
"tags": [
"exploit",
"product"
],
"url": "https://github.com/poco-ai/poco-claw/"
}
],
"tags": [
"x_open-source"
],
"timeline": [
{
"lang": "en",
"time": "2026-07-13T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-13T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-13T19:06:57.000Z",
"value": "VulDB entry last update"
}
],
"title": "poco-ai poco-claw Workspace API workspace.py get_workspace_file authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15622",
"datePublished": "2026-07-14T01:15:13.193Z",
"dateReserved": "2026-07-13T17:01:54.313Z",
"dateUpdated": "2026-07-14T12:36:09.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15516 (GCVE-0-2026-15516)
Vulnerability from cvelistv5 – Published: 2026-07-13 00:15 – Updated: 2026-07-13 15:22| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377845 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/377845/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15516 | third-party-advisory |
| https://vuldb.com/submit/848741 | third-party-advisory |
| https://github.com/trustbigcat/CVE/ | exploit |
| https://github.com/magicblack/maccms10/releases?p… | patch |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | MacCMS Pro |
Affected:
2022.1000.3005
Unaffected: 2022.1000.3025 cpe:2.3:a:maccms_pro:maccms_pro:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T15:20:20.657594Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T15:22:08.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:maccms_pro:maccms_pro:*:*:*:*:*:*:*:*"
],
"modules": [
"Installation Module"
],
"product": "MacCMS Pro",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2022.1000.3005"
},
{
"status": "unaffected",
"version": "2022.1000.3025"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "luther (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in MacCMS Pro up to 2022.1000.3005. Impacted is the function step5 of the file application/install/controller/Index.php of the component Installation Module. The manipulation results in authorization bypass. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. Upgrading to version 2022.1000.3025 is recommended to address this issue. Upgrading the affected component is recommended."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T00:15:08.047Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377845 | MacCMS Pro Installation Index.php step5 authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/377845"
},
{
"name": "VDB-377845 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377845/cti"
},
{
"name": "CVE-2026-15516 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15516"
},
{
"name": "Submit #848741 | maccms maccms10 10 Logical Vulnerability / Auth Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/848741"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/trustbigcat/CVE/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/magicblack/maccms10/releases?page=3#release-v2022.1000.3025"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-12T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-12T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-12T13:10:44.000Z",
"value": "VulDB entry last update"
}
],
"title": "MacCMS Pro Installation Index.php step5 authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15516",
"datePublished": "2026-07-13T00:15:08.047Z",
"dateReserved": "2026-07-12T11:05:41.518Z",
"dateUpdated": "2026-07-13T15:22:08.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15389 (GCVE-0-2026-15389)
Vulnerability from cvelistv5 – Published: 2026-07-14 10:10 – Updated: 2026-07-14 12:08- CWE-639 - Authorization bypass through User-Controlled key
| Vendor | Product | Version | |
|---|---|---|---|
| Sesame Time | Sesame Time |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T12:07:58.958824Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:08:21.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sesame Time",
"vendor": "Sesame Time",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Miguel Jim\u00e9nez C\u00e1mara"
}
],
"datePublic": "2026-07-14T10:07:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier (USID) as the sole validation mechanism, without verifying whether that identifier legitimately belongs to the user making the request. As a result, an attacker who obtains a valid USID can impersonate a victim\u2019s session and access their confidential information, including emails, user IDs, roles and corporate data. This vulnerability is exacerbated by poor session lifecycle management: new logins generate additional USIDs without revoking the previous ones, allowing multiple active sessions to coexist and thereby expanding the attack surface."
}
],
"value": "A vulnerability relating to insufficient access control has been identified in the session management of the Sesame Time web application and its REST v3 API. The flaw lies in the fact that the system uses the session identifier (USID) as the sole validation mechanism, without verifying whether that identifier legitimately belongs to the user making the request. As a result, an attacker who obtains a valid USID can impersonate a victim\u2019s session and access their confidential information, including emails, user IDs, roles and corporate data. This vulnerability is exacerbated by poor session lifecycle management: new logins generate additional USIDs without revoking the previous ones, allowing multiple active sessions to coexist and thereby expanding the attack surface."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization bypass through User-Controlled key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T10:10:29.514Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-sesame-time-session-management"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The vulnerability has been fixed by the Sesame Time team in the latest available version.\u003cbr\u003e\u003cbr\u003eThe update includes improvements to the authentication mechanism and strengthens authorisation checks on the server to ensure that each session can only access information associated with the authenticated user."
}
],
"value": "The vulnerability has been fixed by the Sesame Time team in the latest available version.\n\nThe update includes improvements to the authentication mechanism and strengthens authorisation checks on the server to ensure that each session can only access information associated with the authenticated user."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Inadequate access control in Sesame Time session management",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2026-15389",
"datePublished": "2026-07-14T10:10:29.514Z",
"dateReserved": "2026-07-10T11:40:35.281Z",
"dateUpdated": "2026-07-14T12:08:21.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15191 (GCVE-0-2026-15191)
Vulnerability from cvelistv5 – Published: 2026-07-09 16:00 – Updated: 2026-07-14 00:59| URL | Tags |
|---|---|
| https://vuldb.com/vuln/377117 | vdb-entry |
| https://vuldb.com/vuln/377117/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15191 | third-party-advisory |
| https://vuldb.com/submit/851622 | third-party-advisory |
| https://github.com/mettle/sendportal/issues/339 | exploitissue-tracking |
| https://github.com/mettle/sendportal/ | product |
| Vendor | Product | Version | |
|---|---|---|---|
| mettle | sendportal |
Affected:
3.0.0
Affected: 3.0.1 cpe:2.3:a:mettle:sendportal:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15191",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-14T00:59:05.928272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T00:59:15.934Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mettle:sendportal:*:*:*:*:*:*:*:*"
],
"modules": [
"Campaign Creation Endpoint"
],
"product": "sendportal",
"vendor": "mettle",
"versions": [
{
"status": "affected",
"version": "3.0.0"
},
{
"status": "affected",
"version": "3.0.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Superman_04 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T16:00:08.591Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-377117 | mettle sendportal Campaign Creation Endpoint CampaignStoreRequest.php authorization",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/vuln/377117"
},
{
"name": "VDB-377117 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/377117/cti"
},
{
"name": "CVE-2026-15191 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15191"
},
{
"name": "Submit #851622 | Mettle SendPortal Latest Authorization Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/851622"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mettle/sendportal/issues/339"
},
{
"tags": [
"product"
],
"url": "https://github.com/mettle/sendportal/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-09T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-09T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-09T07:39:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "mettle sendportal Campaign Creation Endpoint CampaignStoreRequest.php authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15191",
"datePublished": "2026-07-09T16:00:08.591Z",
"dateReserved": "2026-07-09T05:33:07.527Z",
"dateUpdated": "2026-07-14T00:59:15.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15159 (GCVE-0-2026-15159)
Vulnerability from cvelistv5 – Published: 2026-07-17 02:31 – Updated: 2026-07-17 10:24- CWE-639 - Authorization Bypass Through User-Controlled Key
| Vendor | Product | Version | |
|---|---|---|---|
| SaturdayDrive | Ninja Forms - Excel Export |
Affected:
0 , ≤ 3.3.6
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-17T10:24:43.731856Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T10:24:54.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ninja Forms - Excel Export",
"vendor": "SaturdayDrive",
"versions": [
{
"lessThanOrEqual": "3.3.6",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Chu Thao Mai"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Ninja Forms - Excel Export plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.3.6 via the \u0027spreadsheet_export_form_id\u0027 parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to enumerate any Ninja Forms form ID and download all stored submission data \u2014 including names, email addresses, phone numbers, physical addresses, and any other PII collected by site forms \u2014 as a downloadable XLSX file."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-17T02:31:31.480Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/783ccf21-db16-4aac-9a3c-992b3aac5526?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ninja-forms-excel-export/trunk/ninja-forms-excel-export.php#L187"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-08T20:50:55.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2026-07-16T13:43:17.000Z",
"value": "Disclosed"
}
],
"title": "Ninja Forms - Excel Export \u003c= 3.3.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Data Disclosure via \u0027spreadsheet_export_form_id\u0027 Parameter"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-15159",
"datePublished": "2026-07-17T02:31:31.480Z",
"dateReserved": "2026-07-08T20:16:32.126Z",
"dateUpdated": "2026-07-17T10:24:54.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15058 (GCVE-0-2026-15058)
Vulnerability from cvelistv5 – Published: 2026-07-14 18:11 – Updated: 2026-07-15 14:46- CWE-639 - Authorization bypass through User-Controlled key
| Vendor | Product | Version | |
|---|---|---|---|
| Devolutions | Server |
Affected:
0 , < 2026.1.23
(custom)
Affected: 0 , < 2026.2.12 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-15058",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-15T14:45:11.844847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T14:46:13.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Server",
"vendor": "Devolutions",
"versions": [
{
"lessThan": "2026.1.23",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "2026.2.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user\u0027s messages via a direct object reference to the message identifier."
}
],
"value": "Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user\u0027s messages via a direct object reference to the message identifier."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization bypass through User-Controlled key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T18:11:10.858Z",
"orgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"shortName": "DEVOLUTIONS"
},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2026-0024/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "bfee16bd-18e6-446c-9a65-f5b2e3d89c23",
"assignerShortName": "DEVOLUTIONS",
"cveId": "CVE-2026-15058",
"datePublished": "2026-07-14T18:11:10.858Z",
"dateReserved": "2026-07-08T13:55:05.553Z",
"dateUpdated": "2026-07-15T14:46:13.929Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-15036 (GCVE-0-2026-15036)
Vulnerability from cvelistv5 – Published: 2026-07-08 14:30 – Updated: 2026-07-08 15:38| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376787 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376787/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-15036 | third-party-advisory |
| https://vuldb.com/submit/851013 | third-party-advisory |
| https://github.com/harness/harness/issues/3689 | exploitissue-tracking |
| https://github.com/harness/harness/ | product |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-15036",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T15:38:03.057690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T15:38:36.035Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:harness:harness:*:*:*:*:*:*:*:*"
],
"modules": [
"gitspaces Endpoint"
],
"product": "Harness",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.28.0"
},
{
"status": "affected",
"version": "2.28.1"
},
{
"status": "affected",
"version": "2.28.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "geochen (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/list_all.go of the component gitspaces Endpoint. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T14:30:07.802Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376787 | Harness gitspaces Endpoint list_all.go getAuthorizedSpaces authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376787"
},
{
"name": "VDB-376787 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376787/cti"
},
{
"name": "CVE-2026-15036 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-15036"
},
{
"name": "Submit #851013 | harness gitness 2.28.2 Authorization Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/851013"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/harness/harness/issues/3689"
},
{
"tags": [
"product"
],
"url": "https://github.com/harness/harness/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-08T09:51:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "Harness gitspaces Endpoint list_all.go getAuthorizedSpaces authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-15036",
"datePublished": "2026-07-08T14:30:07.802Z",
"dateReserved": "2026-07-08T07:46:03.631Z",
"dateUpdated": "2026-07-08T15:38:36.035Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.