Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-2141 is a critical improper authorization vulnerability in WuKongOpenSource WukongCRM versions up to 11.3.3. It exists in the URL Handler component, specifically in the PermissionServiceImpl.java file. The flaw is due to incorrect or missing authorization checks, allowing unauthorized users to bypass authentication mechanisms.'}, {'type': 'paragraph', 'content': "Attackers can manipulate URL paths to bypass gateway authentication, gaining full permissions within the web system. This enables them to query user lists, retrieve user IDs, and reset any user's password without proper authorization."}, {'type': 'paragraph', 'content': 'The vulnerability can be exploited remotely via crafted HTTP POST requests to specific endpoints, and a public proof-of-concept exploit is available. The vendor was notified but has not responded or provided a fix.'}] [1, 2, 3]

Useful 0 Not Useful 0

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability allows attackers to gain unauthorized access to the WukongCRM system with full permissions.'}, {'type': 'list_item', 'content': 'Attackers can query sensitive user information, including user lists and IDs.'}, {'type': 'list_item', 'content': "Attackers can arbitrarily reset any user's password, potentially taking over user accounts."}, {'type': 'list_item', 'content': 'Attackers can perform unauthorized data operations such as addition, deletion, modification, and querying.'}, {'type': 'list_item', 'content': "The system's confidentiality, integrity, and availability can be compromised."}, {'type': 'list_item', 'content': 'Potential system crashes may occur due to exploitation.'}] [1, 2, 3]

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to exploit the improper authorization flaw via HTTP POST requests to specific endpoints that should require authentication.'}, {'type': 'list_item', 'content': 'Send an unauthorized POST request to `/adminUser/queryUserList///;name=/v2/api-docs` with a JSON payload like `{ "page": 1, "limit": 10 }` to check if user information is returned without proper authorization.'}, {'type': 'list_item', 'content': 'Send an unauthorized POST request to `/adminUser/resetPassword///;name=/v2/api-docs` with a JSON payload containing user IDs and a new password to test if password reset is possible without authentication.'}, {'type': 'paragraph', 'content': 'If these requests succeed without proper credentials, it indicates the presence of the vulnerability.'}] [3]

Useful 0 Not Useful 0

Mitigation Strategies

There are no official patches or vendor-provided mitigations available for this vulnerability as of the last update.

Immediate mitigation steps include:

• Restrict access to the affected WukongCRM system, especially the URL Handler component, by limiting network exposure and applying strict firewall rules.
• Monitor and block suspicious HTTP requests that attempt to exploit URL path manipulations such as appending sequences like `/adminUser/queryUserList///;name=/v2/api-docs` or `/adminUser/resetPassword///;name=/v2/api-docs`.
• Consider replacing or upgrading the affected component or product to a version that is not vulnerable, if available.

Due to the severity and ease of exploitation, proactive network monitoring and access control are critical until a patch or fix is released.

Useful 0 Not Useful 0