← Voltar para CVEs
CVE-2026-6355
MEDIUM6.5
Descricao
A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration.
Detalhes CVE
Pontuacao CVSS v3.16.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/22/2026
Ultima modificacao4/22/2026
Fontenvd
Avistamentos honeypot0
Referencias
https://github.com/Penguinsecq/CVE-2026-6355/(cret@cert.org)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.