CVE-2026-24566
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2026-24566, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-23

Last updated on: 2026-01-26

Assigner: Patchstack

Description

Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through <= 1.2.4.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-23
Last Modified
2026-01-26
Generated
2026-07-06
AI Q&A
2026-01-23
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
inet inet_webkit to 1.2.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-24566 is a Broken Access Control vulnerability in the WordPress iNET Webkit Plugin (versions up to 1.2.4). It occurs due to missing authorization, authentication, or nonce token checks in certain plugin functions, which allows users with contributor or developer privileges to perform actions that should be restricted to higher privilege levels. [1]

Impact Analysis

This vulnerability allows users with at least contributor or developer privileges to perform unauthorized actions reserved for higher privilege levels, potentially leading to unauthorized changes or access within the plugin. However, the impact is considered low priority and exploitation is unlikely. [1]

Detection Guidance

Detection of this vulnerability involves checking for unauthorized access attempts or actions performed without proper authorization in the iNET Webkit Plugin up to version 1.2.4. Since the issue is due to missing authorization checks allowing unprivileged users to perform privileged actions, monitoring logs for unusual privilege escalations or access patterns related to the plugin is recommended. Specific commands are not provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the iNET Webkit Plugin to trusted users only, monitoring for suspicious activity, and applying any available security controls to limit contributor or developer level access. Since no official fix or patched version is currently available, using Patchstack's mitigation and security intelligence services is recommended to address the vulnerability promptly. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24566. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart