CVE-2026-1203
BaseFortify

Publication date: 2026-01-20

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in CRMEB up to 5.6.3. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is regarded as difficult. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-01-20
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-01-20
EPSS Evaluated: 2026-05-05
References: NVD, EUVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor: crmeb
Product: crmeb
Version / Range: up to 5.6.3 (inclusive)
CWE
CWE-287: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-1203 is an authentication bypass vulnerability in CRMEB versions up to 5.6.3. It occurs in the remoteRegister function of the JSON Token Handler component, where the system improperly processes JSON Web Tokens (JWTs) by decoding them without verifying their cryptographic signatures. This allows an attacker to forge arbitrary tokens and manipulate the uid argument to bypass authentication, enabling them to create fake accounts or log in as any user without proper credentials. [2, 3]


How can this vulnerability impact me?

This vulnerability can impact you by allowing attackers to bypass authentication remotely with a high level of complexity. They can create unlimited fake accounts or log in as any existing user by specifying any user ID, compromising the confidentiality, integrity, and availability of your system. This could lead to unauthorized access, data breaches, and potential disruption of services. [2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by searching for the vulnerable endpoint in your system or network, specifically the remoteRegister function in crmeb/app/services/user/LoginServices.php. One suggested method is using Google dorking with queries like 'inurl:crmeb/app/services/user/LoginServices.php' to locate vulnerable targets. Additionally, monitoring for unusual authentication attempts or creation of fake accounts via manipulation of the uid parameter may indicate exploitation attempts. Specific commands are not provided in the resources. [3]


What immediate steps should I take to mitigate this vulnerability?

No known countermeasures or mitigations have been identified for this vulnerability. It is suggested to replace the affected component or product (CRMEB up to version 5.6.3) to mitigate the risk. Since the vendor has not responded, upgrading to a non-vulnerable version or applying custom patches to ensure proper JWT signature verification would be advisable. [3]
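The defect class this record describes, a JSON Web Token whose payload is trusted without checking its signature, and the fix the answer above recommends, proper signature verification, side by side. This is an added example written for this page, not CRMEB's code or the remoteRegister function; it assumes HS256 tokens, a server-side secret, and a `uid` claim, and the token values are constructed here. The `with_altered_uid` and `alg_none_token` helpers build the regression-test inputs a patch must reject.

```python
import base64
import hashlib
import hmac
import json


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def sign_hs256(payload: dict, key: bytes) -> str:
    """Issue an HS256 token for a payload (used here only to build test inputs)."""
    header_b64 = _b64url_encode(b'{"alg":"HS256","typ":"JWT"}')
    payload_b64 = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{_b64url_encode(sig)}"


def decode_unverified(token: str) -> dict:
    """Weak form (the defect class on this page): the payload is trusted, the signature is never checked."""
    _header_b64, payload_b64, _sig_b64 = token.split(".")
    return json.loads(_b64url_decode(payload_b64))


def decode_verified(token: str, key: bytes) -> dict:
    """Hardened form: pin the algorithm, recompute the MAC, compare in constant time, then trust the payload."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # The server chooses the algorithm; the token's own "alg" header (e.g. "none") is never honoured.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    return json.loads(_b64url_decode(payload_b64))


def with_altered_uid(token: str, uid: int) -> str:
    """Regression-test input: original header and signature kept, payload uid rewritten."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(_b64url_decode(payload_b64))
    payload["uid"] = uid
    new_payload_b64 = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header_b64}.{new_payload_b64}.{sig_b64}"


def alg_none_token(payload: dict) -> str:
    """Regression-test input: unsigned token whose header claims alg "none"."""
    header_b64 = _b64url_encode(b'{"alg":"none","typ":"JWT"}')
    payload_b64 = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    return f"{header_b64}.{payload_b64}."


SECRET = b"constructed-demo-key-not-a-real-secret"  # constructed for this example


def check_behaviour() -> dict:
    """Run both decoders over a genuine, an altered and an unsigned token; None means rejected."""
    genuine = sign_hs256({"uid": 1}, SECRET)
    altered = with_altered_uid(genuine, 2)
    unsigned = alg_none_token({"uid": 3})

    def accepted_uid(decode, token):
        try:
            return decode(token)["uid"]
        except ValueError:
            return None

    verified = lambda t: decode_verified(t, SECRET)
    return {
        "genuine_verified": accepted_uid(verified, genuine),
        "altered_unverified": accepted_uid(decode_unverified, altered),
        "altered_verified": accepted_uid(verified, altered),
        "none_verified": accepted_uid(verified, unsigned),
    }


if __name__ == "__main__":
    print(check_behaviour())
```

The unverified decoder happily returns whatever `uid` the altered token carries, which is exactly how a forged identity claim turns into an authentication bypass (CWE-287); the verified decoder rejects both the altered payload and the unsigned `alg: none` token because the MAC no longer matches the bytes it covers. A patch for this class of bug should ship with those two rejected cases as tests.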

