EUVD-2026-30269

ID: EUVD-2026-30269

Severity: high

CVSS v4: 7.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee (first names, last names, roles, job titles, and vacation records, among others) by modifying that identifier in requests sent to the server.

Timestamps

Normalized: 2026-05-14T15:15:40Z UTC
Last updated: 2026-05-14T15:15:40Z UTC

References

No references provided.

VulnAI

EUVD-2026-30269

Description

Timestamps

References