CVE-2026-3020
Deferred Deferred - Pending Action

IDOR Vulnerability in User Account Management Enables Account Takeover

Vulnerability report for CVE-2026-3020, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-16

Last updated on: 2026-05-19

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description

Identity based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other users' legitimate accounts

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-16
Last Modified
2026-05-19
Generated
2026-07-06
AI Q&A
2026-03-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wakyma wakyma to 2026-02-19 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-3020 is an Identity-Based Authorization Bypass (IDOR) vulnerability found in the Wakyma web application. It allows an attacker with limited privileges to modify the data of legitimate user accounts. Specifically, the attacker can change a victim's email address, validate the new email, and request password resets. This flaw enables the attacker to potentially take full control over other users' accounts."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can have a severe impact as it allows an attacker to take complete control of other users' legitimate accounts. By changing the victim's email address and validating it, the attacker can reset passwords and gain unauthorized access to sensitive information and functionalities associated with those accounts. This compromises user privacy, security, and trust in the affected application."}] [1]

Compliance Impact

I don't know

Detection Guidance

CVE-2026-3020 is an Identity-Based Authorization Bypass (IDOR) vulnerability in the Wakyma web application that allows an attacker with limited privileges to modify legitimate user account data. Detection involves monitoring for unauthorized changes to user account details such as email address modifications, email validations, and password reset requests initiated by users without proper authorization.

Since this vulnerability requires limited privileges and does not require user interaction, network or system detection can focus on auditing logs for suspicious account modification activities, especially those involving email changes and password reset requests.

Specific commands are not provided in the available resources. However, general approaches include:

  • Review application logs for unusual user account modifications.
  • Monitor HTTP requests to endpoints handling user data changes for anomalous patterns.
  • Use web application firewalls (WAF) to detect and block unauthorized API calls attempting to modify user data.
Mitigation Strategies

The vendor, Wakyma, has fixed CVE-2026-3020 in production since February 19, 2026. The immediate mitigation step is to update the Wakyma web application to the latest version that includes the security patches addressing this vulnerability.

Additional mitigation measures include:

  • Restrict user privileges to the minimum necessary to reduce the risk of exploitation.
  • Implement monitoring and alerting for suspicious account modifications.
  • Use web application firewalls to block unauthorized attempts to modify user data.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3020. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart