CVE-2026-3263
Improper Authorization in go2ismail Security API Enables Remote Access
Publication date: 2026-02-26
Last updated on: 2026-03-03
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| go2ismail | asp.net-core-inventory-order-management-system | to 9.20250118 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the go2ismail Asp.Net-Core-Inventory-Order-Management-System up to version 9.20250118. It affects an unknown functionality within the /api/Security/ file of the Security API component. The issue is caused by improper authorization due to manipulation, which can be exploited remotely.
How can this vulnerability impact me? :
The vulnerability allows an attacker to perform unauthorized actions remotely by exploiting improper authorization in the Security API. This could lead to unauthorized access or manipulation of sensitive inventory or order management data, potentially compromising system integrity and confidentiality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know