CVE-2026-10152: Improper Access Control in TaleLin lin-cms-spring-boot Book Endpoint
A flaw in TaleLin's lin-cms-spring-boot framework (version 0.2.1 and earlier) allows authenticated users to bypass access controls on the book endpoint. An attacker with valid login credentials can manipulate requests to perform actions they should not be permitted to execute, such as viewing, modifying, or deleting book records without proper authorization checks. Proof-of-concept code is publicly available, increasing the risk of active exploitation.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Weaknesses (CWE)
- CWE-266, CWE-284
- Affected products
- 0 configuration(s)
- Published / Modified
- 2026-05-30 / 2026-06-17
NVD description (verbatim)
A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
5 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-10152 stems from improper access control enforcement in the BookController.java endpoint within lin-cms-spring-boot. The vulnerability exists in the book management functionality where authorization logic fails to properly validate user permissions before processing requests. An authenticated attacker (PR:L) can exploit this remotely over the network (AV:N) without requiring user interaction (UI:N). The flaw allows unauthorized access to, modification of, or deletion of book data, compromising both confidentiality and integrity of the application's data layer. The vulnerability is classified under CWE-266 (Improper Privilege Management) and CWE-284 (Improper Access Control), indicating a systemic weakness in role-based access control implementation.
Business impact
Organizations deploying lin-cms-spring-boot face data exposure and unauthorized modification risks. Authenticated users can escalate their privileges to access or alter book records beyond their assigned scope, potentially leading to data corruption, unauthorized content manipulation, or competitive intelligence leakage if sensitive books are stored in the system. The public availability of exploit code increases the likelihood of opportunistic attacks, particularly in shared or multi-tenant environments where internal actors may have compromised credentials.
Affected systems
All versions of TaleLin lin-cms-spring-boot up to and including version 0.2.1 are vulnerable. This includes applications deployed on Java-based infrastructure running Spring Boot. The vulnerability affects the book endpoint component specifically, though similar access control patterns elsewhere in the codebase should be reviewed for similar weaknesses.
Exploitability
Exploitation requires an attacker to already possess valid application credentials (login capability). Once authenticated, the attack is trivial to execute—no complex techniques, special privileges, or user interaction are needed. The CVSS Low Complexity (AC:L) rating and publicly disclosed proof-of-concept code mean that any user with basic technical knowledge can craft malicious requests. This significantly increases real-world risk for organizations with weak credential hygiene or high-turnover staff.
Remediation
Upgrade lin-cms-spring-boot to a patched version once released by the TaleLin project. Verify the patch against the official project repository or advisory. Until patching is possible, implement compensating controls: (1) restrict access to the book endpoint at the API gateway or reverse proxy level using fine-grained authorization rules; (2) enable comprehensive audit logging on BookController operations to detect anomalous activity; (3) conduct an access control code review of similar endpoints to identify related flaws; (4) limit authenticated user populations to trusted internal staff only.
Patch guidance
Monitor the TaleLin lin-cms-spring-boot GitHub repository and official security channels for patch availability. The vendor was informed early but has not yet responded, so updates may be delayed. When a patch is released, test it thoroughly in a staging environment before production deployment, as access control changes may affect legitimate application workflows. Verify that the patched version does not introduce breaking changes to your existing book management workflows.
Detection guidance
Monitor access logs for suspicious patterns in BookController requests from authenticated users: (1) multiple failed authorization responses followed by successful data access; (2) book deletion or modification by users whose role should not permit such actions; (3) rapid sequential requests accessing books outside the user's assigned collection or team; (4) requests modifying book metadata by non-admin accounts. Deploy Web Application Firewall (WAF) rules to detect and block requests with suspicious parameter manipulation or abnormal HTTP methods. Enable Spring Security debug logging to capture authorization failures for post-incident analysis.
Why prioritize this
Although the CVSS score is moderate (6.3), this vulnerability merits prompt attention because: (1) public exploits exist, lowering the attack barrier; (2) the vulnerability requires only basic authentication, not zero-day capability; (3) access control flaws are commonly exploited by insiders or attackers using compromised credentials; (4) the vendor has not yet responded, leaving no official patch timeline. Organizations with book-centric workflows, content management use cases, or multi-user environments should prioritize this higher than the base score suggests.
Risk score, explained
The CVSS 6.3 MEDIUM score reflects an authenticated attack vector (PR:L) that impacts confidentiality, integrity, and availability equally (C:L/I:L/A:L). The score does not escalate to HIGH because the attack requires prior authentication and does not affect the underlying system availability or allow complete data exfiltration. However, the real-world exploitability is amplified by the public proof-of-concept and the vendor's lack of response, warranting a risk posture slightly more aggressive than the base score.
Frequently asked questions
Do I need to be an administrator to exploit this vulnerability?
No. The vulnerability requires only standard user credentials. Any authenticated user can exploit it to access or modify book records beyond their authorized scope. This makes insider threats and credential compromise scenarios particularly concerning.
What should I do if I cannot patch immediately?
Implement network-level access controls to restrict who can reach the book endpoint, enable verbose audit logging on BookController operations, and conduct a manual code review of similar endpoints to identify other access control weaknesses. Consider temporarily disabling the book endpoint for non-administrative users if operationally feasible.
Is this vulnerability included in CISA's Known Exploited Vulnerabilities (KEV) catalog?
No, this vulnerability is not currently listed in the CISA KEV catalog. However, public exploits are available, and it may be added if exploitation trends escalate. Monitor CISA's catalog for updates.
Are other endpoints in lin-cms-spring-boot also affected?
The vulnerability is documented in the BookController, but similar improper access control patterns may exist elsewhere in the codebase. A comprehensive review of all controller-level authorization logic is recommended as a follow-up to patching.
This analysis is based on publicly available vulnerability data and vendor advisories as of the published date. Patch version numbers, remediation timelines, and vendor responses are subject to change. Organizations should verify all technical details against official TaleLin project announcements and security advisories before taking action. SEC.co does not provide legal advice; consult your organization's legal and compliance teams regarding disclosure obligations and incident response protocols. No exploit code or weaponized proof-of-concept is provided or endorsed by this analysis. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10255MEDIUMPharmacy Sales System Authentication Bypass – SourceCodester 1.0
- CVE-2026-10277MEDIUMImproper Access Control in MCP Google Workspace Gmail Tool
- CVE-2024-27891MEDIUMArista EOS MACsec + Egress ACL Policy Enforcement Failure
- CVE-2026-10070MEDIUMmacrozheng mall Admin Authorization Bypass in /admin/update/
- CVE-2026-10172MEDIUMBdtask Multi-Store Inventory 1.0 Unrestricted File Upload Vulnerability
- CVE-2026-10205MEDIUMUnrestricted File Upload in Metasoft MetaCRM 6.4.0 – Exploit Details & Remediation
- CVE-2026-10215MEDIUMDolibarr Leave Request API Authorization Bypass
- CVE-2026-10217MEDIUMGoClaw Privilege Escalation in RoleAdmin Gateway (CVSS 6.3)