By weakness (CWE)

CWE-639: related vulnerabilities

CVEs classified under CWE-639. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

14 published vulnerabilities

  • CVE-2025-14772HIGH 8.8

    CVE-2025-14772 is an authorization bypass flaw in ABB T-MAC Plus versions up to 4.0-24 that allows authenticated users to escalate their privileges beyond their intended permissions. An attacker who has already gained login credentials can manipulate user-controlled keys to circumvent access controls, gaining unauthorized access to sensitive functions or data they should not be able to reach. This is a post-authentication vulnerability requiring valid credentials to exploit, but poses significant risk because privilege escalation enables lateral movement and further system compromise within industrial control environments where T-MAC Plus is deployed.

  • CVE-2026-41084HIGH 7.5

    A flaw in Apache Airflow's task management API allows an authenticated user with editing permission on one workflow (DAG) to secretly modify task states in completely different workflows—including those owned by other teams. The vulnerability exploits a mismatch between authorization checks (which validate against the workflow in the URL) and the actual workflow being modified (specified in the request body). An attacker with legitimate access to edit one workflow can bypass permission controls to interfere with unrelated workflows, potentially disrupting operations, hiding failures, or triggering unintended task executions.

  • CVE-2026-23638MEDIUM 6.5

    Kiteworks, a platform designed to secure and control data sharing across organizations, contains a flaw that allows authenticated users to modify form approval workflows that belong to other users. The vulnerability stems from inadequate checks on who actually owns or has permission to modify a particular form's configuration. An attacker with valid Kiteworks credentials could exploit this to alter how forms route for approval, potentially disrupting legitimate business processes or gaining unauthorized visibility into sensitive approvals.

  • CVE-2026-24753MEDIUM 6.5

    Kiteworks Secure Data Forms contained an authorization flaw that allowed authenticated users to modify data forms and resources belonging to other users. The vulnerability stems from insufficient checks verifying that a user actually owns or has permission to modify a resource before allowing the action. Any authenticated user could exploit this by directly referencing another user's resource identifiers and making changes. This is categorized as an Insecure Direct Object Reference (IDOR) vulnerability. The issue is resolved in Kiteworks version 9.3.0 and later.

  • CVE-2026-3173MEDIUM 6.5

    The Meta Field Block plugin for WordPress has a permission-checking flaw that lets Contributor-level users and above read sensitive data stored in WordPress metadata. An attacker with basic contributor access can specify any object ID and type—bypassing the plugin's validation—to retrieve private information like user details, customer billing addresses, or other metadata that WordPress site administrators expected to keep hidden. On sites running e-commerce or membership plugins, this can expose personally identifiable information at scale.

  • CVE-2026-41141MEDIUM 6.5

    EspoCRM versions before 9.3.5 contain an access control bypass in the email template preparation endpoint. An authenticated user with basic EmailTemplate read permissions can extract sensitive field data from any Contact, Lead, Account, or User record by providing the target's email address—effectively circumventing role-based visibility restrictions. This allows lower-privileged users to read information they should not have access to, such as financial details, personal fields, or team-restricted records.

  • CVE-2026-10212MEDIUM 6.3

    A flaw in AstrBot version 4.24.2 allows an authenticated attacker to manipulate the session_id parameter in the astr_main_agent function, bypassing authorization checks. This means a logged-in user could potentially access or modify resources belonging to other users or perform actions they should not be permitted to perform. The vulnerability is remotely exploitable and public exploits are available.

  • CVE-2026-42999MEDIUM 6.0

    OpenStack Keystone contains a critical authorization bypass vulnerability that allows any authenticated user to escalate their privileges and access resources belonging to other users or projects. The vulnerability stems from a flaw in how Keystone processes policy enforcement—it blindly merges user-supplied JSON request data into the authorization check dictionary, overwriting the trusted database-sourced security context. This means an attacker can simply inject fake user IDs or project IDs into their API request to trick the system into granting them permissions they shouldn't have. The issue affects all versions before 29.0.2 and has existed since Rocky (14.0.0).

  • CVE-2026-24755MEDIUM 5.4

    Kiteworks, a platform for secure data sharing and management, contains a flaw in its Secure Data Forms feature that allows logged-in users to change permissions on files and folders belonging to other users. The vulnerability stems from the system not properly verifying whether a user actually owns or has authority over a resource before allowing permission changes. An attacker with valid credentials could exploit this to gain access to, or revoke access from, other users' sensitive data without authorization.

  • CVE-2026-10597MEDIUM 5.3

    OMICARD EDM, a product developed by ITPison, contains a vulnerability that allows attackers without credentials to access user email addresses by manipulating a specific parameter in a web request. No authentication is required, making this a direct and accessible attack surface. While the vulnerability does not allow attackers to modify data or disrupt service, the unauthorized disclosure of email addresses poses a clear privacy and information-gathering risk.

  • CVE-2026-10154MEDIUM 4.3

    Dolibarr ERP CRM versions 23.0.0, 23.0.1, and 23.0.2 contain an authorization bypass vulnerability in the user messaging module. An authenticated attacker can manipulate the ID parameter in htdocs/user/messaging.php to access or view information they should not have permission to see. The vulnerability requires valid login credentials but allows a logged-in user to circumvent access controls. Upgrading to version 23.0.3 resolves the issue.

  • CVE-2026-24756MEDIUM 4.3

    Kiteworks, a platform for secure data sharing and management, contains a flaw that allows authenticated users to modify data belonging to other users. The vulnerability stems from the application failing to properly verify that a user should have access to resources they're attempting to change. An attacker with valid credentials could exploit this to alter forms, templates, or other shared resources without authorization. The fix requires upgrading to version 9.3.0 or later.

  • CVE-2026-41160MEDIUM 4.3

    EspoCRM contains a logic flaw that allows lower-privileged users to pin notes they don't have permission to edit. The vulnerability stems from a timing issue in the API backend: the system modifies the note in the database before checking whether the user is actually authorized to do so. Even though the server returns an error message afterward, the damage is already done—the note remains pinned. This affects EspoCRM versions before 9.3.5.

  • CVE-2026-24761LOW 3.7

    CVE-2026-24761 is an authorization flaw in Kiteworks Secure Data Forms that allows authenticated users to view metadata belonging to other users. Because the system doesn't properly verify who owns a resource before allowing access, a legitimate user can craft requests to retrieve information about files and documents they shouldn't see. The vulnerability requires an attacker to already have valid credentials and involves a higher complexity of exploitation, which limits its risk profile. This affects Kiteworks versions before 9.3.0.