CVE-2026-3020
Deferred Deferred - Pending Action
IDOR Vulnerability in User Account Management Enables Account Takeover

Publication date: 2026-03-16

Last updated on: 2026-05-19

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Identity based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password. This could allow them to take complete control of other users' legitimate accounts
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-05-19
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-3020
EUVD
EUVD-2026-12389
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wakyma wakyma to 2026-02-19 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-3020 is an Identity-Based Authorization Bypass (IDOR) vulnerability found in the Wakyma web application. It allows an attacker with limited privileges to modify the data of legitimate user accounts. Specifically, the attacker can change a victim's email address, validate the new email, and request password resets. This flaw enables the attacker to potentially take full control over other users' accounts."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can have a severe impact as it allows an attacker to take complete control of other users' legitimate accounts. By changing the victim's email address and validating it, the attacker can reset passwords and gain unauthorized access to sensitive information and functionalities associated with those accounts. This compromises user privacy, security, and trust in the affected application."}] [1]

Compliance Impact

I don't know

Detection Guidance

CVE-2026-3020 is an Identity-Based Authorization Bypass (IDOR) vulnerability in the Wakyma web application that allows an attacker with limited privileges to modify legitimate user account data. Detection involves monitoring for unauthorized changes to user account details such as email address modifications, email validations, and password reset requests initiated by users without proper authorization.

Since this vulnerability requires limited privileges and does not require user interaction, network or system detection can focus on auditing logs for suspicious account modification activities, especially those involving email changes and password reset requests.

Specific commands are not provided in the available resources. However, general approaches include:

  • Review application logs for unusual user account modifications.
  • Monitor HTTP requests to endpoints handling user data changes for anomalous patterns.
  • Use web application firewalls (WAF) to detect and block unauthorized API calls attempting to modify user data.
Mitigation Strategies

The vendor, Wakyma, has fixed CVE-2026-3020 in production since February 19, 2026. The immediate mitigation step is to update the Wakyma web application to the latest version that includes the security patches addressing this vulnerability.

Additional mitigation measures include:

  • Restrict user privileges to the minimum necessary to reduce the risk of exploitation.
  • Implement monitoring and alerting for suspicious account modifications.
  • Use web application firewalls to block unauthorized attempts to modify user data.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3020. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart