CVE-2026-10152
published 2026-05-30
CVE-2026-10152: A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file…
Priority P3 · 42 · medium · 6.3 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.21% (10.7th percentile)
A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| talelin | lin-cms-spring-boot | — | — |
| talelin | lin-cms-spring-boot | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | v4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
VulDB
TaleLin lin-cms-spring-boot up to 0.2.1 book Endpoint BookController.java access control (Issue 336 / EUVD-2026-33471)
vuldb·2026-05-30·CVSS 2.1
CVE-2026-10152 [LOW] TaleLin lin-cms-spring-boot up to 0.2.1 book Endpoint BookController.java access control (Issue 336 / EUVD-2026-33471)
A vulnerability, which was classified as critical, was found in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls.
This vulnerability is cataloged as CVE-2026-10152. The attack may be launched remotely. Furthermore, there is an exploit available.
The project was informed of the problem early through an issue report but has not responded yet.
GHSA
A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1.
ghsa_unreviewed·2026-05-30
CVE-2026-10152 [LOW] CWE-266 A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1.
A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-30
Published