CVE-2026-3262
Received
Received - Intake
Remote Code Execution via Redirect in Asp.Net-Core Inventory System
Vulnerability report for CVE-2026-3262, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-02-26
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| go2ismail | asp.net-core-inventory-order-management-system | to 9.20250118 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-705 | The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition. |
| CWE-698 | The web application sends a redirect to another location, but instead of exiting, it executes additional code. |