CVE-2026-1597
Improper Authorization in Bdtask SalesERP Administrative Endpoint

Publication date: 2026-01-29

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Manipulation of the argument ci_session leads to improper authorization. The attack may be performed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-01-29
Last Modified: 2026-04-29
Generated: 2026-05-27
AI Q&A: 2026-01-29
EPSS Evaluated: 2026-05-25
NVD
EUVD
Affected Vendors & Products (1 associated CPE)
Vendor: bdtask | Product: saleserp | Version / Range: 2026-01-16
CWE
CWE-266: A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
CWE-285: The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-1597 is a critical Broken Access Control vulnerability in Bdtask SalesERP. The issue occurs because the application fails to verify user roles on the server side when processing the ci_session cookie. This allows any authenticated user to bypass authorization checks and gain unauthorized access to administrative endpoints such as /add_role, /bank_list, /stock, and /purchase_list. As a result, normal users can escalate their privileges to admin level, enabling them to view, edit, delete sensitive data, and manage user roles without proper authorization. [1, 3]


How can this vulnerability impact me?

This vulnerability can lead to a full compromise of the ERP system by allowing unauthorized users to escalate privileges to admin level. Attackers can access, modify, or delete sensitive business data, manipulate user roles, and control all administrative functions. This impacts the confidentiality, integrity, and availability of the system, potentially causing severe operational and financial damage. [1, 2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing access to administrative endpoints such as /add_role, /bank_list, /stock, and /purchase_list using a normal authenticated user session with the ci_session cookie. If these admin endpoints are accessible without proper role verification, the system is vulnerable. Commands to test this could include using curl or similar HTTP clients to send requests with a normal user's ci_session cookie to these endpoints and checking if access is granted. For example: curl -b "ci_session=<user_session_cookie>" https://<target>/add_role -v. Lack of server-side role validation indicates the vulnerability. [1, 3]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include implementing server-side role verification on all administrative endpoints to ensure that only users with appropriate roles can access them. Deploy centralized Role-Based Access Control (RBAC) middleware to enforce authorization checks. Bind the ci_session cookie to the user's role and permission state to prevent unauthorized access. Deny access to admin routes for users without admin privileges. Conduct a comprehensive authorization audit of the application. Since no vendor patch or countermeasure is currently available, consider replacing the affected product if possible. [1, 2, 3]
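The difference between the "authenticated-only" check this advisory describes and a centralized, deny-by-default role check can be shown in a few lines. The following is an added illustration, not SalesERP's own (PHP/CodeIgniter) code: the session store, session ids and roles are constructed sample data, and only the admin route names come from the advisory.

```python
"""Added illustration (not SalesERP's code): a centralized, deny-by-default
authorization check for admin routes, beside the "authenticated-only"
pattern the advisory describes. Session store, ids and roles are constructed."""
from dataclasses import dataclass

# Administrative routes named in the advisory; everything else is non-admin.
ADMIN_ROUTES = frozenset({"/add_role", "/bank_list", "/stock", "/purchase_list"})


@dataclass(frozen=True)
class Session:
    user_id: int
    role: str  # held server-side; never taken from the request


# Constructed server-side session store, keyed by the ci_session cookie value.
SESSION_STORE = {
    "sess-admin-001": Session(user_id=1, role="admin"),
    "sess-staff-002": Session(user_id=7, role="staff"),
}


def weak_authorize(ci_session: str, path: str) -> int:
    """Pattern the advisory describes: only checks that the session exists,
    so any authenticated user reaches admin routes. Returns an HTTP status."""
    return 200 if ci_session in SESSION_STORE else 401


def authorize(ci_session: str, path: str, required_role: str = "admin") -> int:
    """Hardened check: identity and role come from the server-side session,
    and admin routes require the admin role. Returns the HTTP status to emit."""
    session = SESSION_STORE.get(ci_session)
    if session is None:
        return 401  # unauthenticated
    if path in ADMIN_ROUTES and session.role != required_role:
        return 403  # authenticated but not authorized
    return 200


def audit_routes(ci_session: str, paths=ADMIN_ROUTES) -> dict:
    """Run the hardened check over every admin route for one session; useful
    as a regression test after the RBAC middleware is deployed."""
    return {p: authorize(ci_session, p) for p in sorted(paths)}


if __name__ == "__main__":
    for sid in SESSION_STORE:
        print(sid, "weak:", weak_authorize(sid, "/add_role"),
              "hardened:", authorize(sid, "/add_role"))
```

Wiring `authorize` in as a single pre-controller hook for every route, rather than repeating the check per endpoint, is what makes the audit in the answer above tractable.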


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided resources do not explicitly discuss the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA. However, given that the vulnerability allows unauthorized access to administrative functions and sensitive ERP data, it likely poses a risk to data confidentiality and integrity, which are critical aspects of compliance with such regulations. Unauthorized access and potential data manipulation could lead to violations of data protection requirements. No direct statements about compliance impact are available in the provided resources. [1, 2, 3]

