EUVD-2026-28591

ID: EUVD-2026-28591

Severity: high

CVSS v4: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escalate privileges and gain full administrative access. This vulnerability allows all restrictions to be bypassed and completely compromises system management.

Timestamps

Normalized: 2026-05-08T14:14:58Z UTC
Last updated: 2026-05-08T14:14:58Z UTC

References

No references provided.

VulnAI

EUVD-2026-28591

Description

Timestamps

References