CVE-2026-5326

CWE-285CWE-639Insecure Direct Object ReferenceCWE-8256 documents6 sources
Severity
5.5MEDIUM
EPSS
0.0%
top 87.45%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sourcecodester Leave Application System
Timeline
PublishedApr 2

Description

A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manage_user of the component User Information Handler. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. The exploit is publicly available and might be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-x3j8-jq3m-7644: A vulnerability was identified in SourceCodester Leave Application System 12026-04-02
CVEList
SourceCodester Leave Application System User Information index.php authorization2026-04-02
OSV
wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()2026-03-25

📋Vendor Advisories

1
Red Hat
kernel: wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()2026-03-25
CVE-2026-5326 (MEDIUM CVSS 5.5) | A vulnerability was identified in S | cvebase.io