CVE-2026-3020
IDOR Vulnerability in User Account Management Enables Account Takeover
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wakyma | wakyma | up to 2026-02-19 (inclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3020 is an Insecure Direct Object Reference (IDOR) vulnerability, an authorization bypass through a user-controlled key (CWE-639), in the Wakyma web application. An attacker who holds an ordinary, low-privilege account can modify the account data of other legitimate users by supplying the victim's account identifier in requests that the server acts on without checking ownership. Specifically, the attacker can change a victim's email address to one they control, validate the new address, and then request a password reset, which is delivered to the attacker's mailbox. The chain gives the attacker full control of the victim's account.
How can this vulnerability impact me?:
The impact is severe: an attacker can take complete control of other users' legitimate accounts. By changing the victim's email address and validating it, the attacker receives the password-reset link, sets a new password, and gains unauthorized access to all data and functionality tied to that account. Because only a low-privilege account is needed and no action by the victim is required, every account in the application is exposed, which undermines user privacy, security, and trust in the service.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
CVE-2026-3020 is an Insecure Direct Object Reference (IDOR) vulnerability in the Wakyma web application that allows an attacker with limited privileges to modify legitimate user account data. Detection centres on spotting account changes where the account acted on is not the account that was authenticated: email address modifications, email validations, and password-reset requests issued by one user against another user's record.
Since exploitation needs only a low-privilege account and no user interaction, detection should focus on application and HTTP access logs rather than on network-level signatures, and in particular on correlating the authenticated session's user with the account identifier carried in the request path or body.
Specific commands are not provided in the available resources. General approaches include:
- Review application logs for account modifications where the actor and the affected account differ, and for email changes that are followed shortly by an email validation and a password-reset request for the same account.
- Monitor HTTP requests to the endpoints that change user data and flag any request whose target account identifier does not match the authenticated user (administrative roles excepted).
- Use a web application firewall (WAF) to log or rate-limit calls to account-modification endpoints; note that a WAF generally cannot tell whether the caller owns the referenced account, so it is a supplementary control, not a substitute for server-side authorization checks.
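The log review described above, as an added example rather than anything from the advisory or from Wakyma: the JSON log format, the field names and the endpoint paths are assumptions made for illustration (Wakyma's real endpoints are not published). The script flags every request where the authenticated user acts on a different account, then groups those requests per attacker/victim pair to surface the email-change followed by password-reset chain.

```python
"""Detect cross-account modification attempts (IDOR pattern, CWE-639) in web access logs.

Added example, not Wakyma's code. The log format, field names and endpoint
paths are assumptions for illustration.
"""
import json
import re
from collections import defaultdict

# Endpoints that touch account identity (assumed paths). The capture group is the
# target account id taken from the URL.
SENSITIVE_ENDPOINTS = {
    "email_change": re.compile(r"^/api/users/(\d+)/email$"),
    "email_validate": re.compile(r"^/api/users/(\d+)/email/validate$"),
    "password_reset": re.compile(r"^/api/users/(\d+)/password-reset$"),
}


def classify(method, path):
    """Return (action, target_user_id) when the request hits a sensitive endpoint, else None."""
    if method not in ("POST", "PUT", "PATCH"):
        return None
    for action, pattern in SENSITIVE_ENDPOINTS.items():
        match = pattern.match(path)
        if match:
            return action, int(match.group(1))
    return None


def find_cross_account_actions(log_lines):
    """One finding per request whose authenticated user (actor_id) targets another account.

    Admin sessions are skipped because they legitimately edit other accounts; in a
    real deployment that allow-list should be as narrow as the application permits.
    """
    findings = []
    for line in log_lines:
        rec = json.loads(line)
        hit = classify(rec["method"], rec["path"])
        if hit is None:
            continue
        action, target = hit
        if rec.get("role") == "admin" or target == rec["actor_id"]:
            continue
        findings.append({"ts": rec["ts"], "actor": rec["actor_id"],
                         "target": target, "action": action})
    return findings


def takeover_chains(findings):
    """Group findings per (actor, target) and keep the pairs that show both an email
    change and a password reset: the sequence the advisory describes."""
    chains = defaultdict(list)
    for f in findings:
        chains[(f["actor"], f["target"])].append(f["action"])
    return {pair: actions for pair, actions in chains.items()
            if "email_change" in actions and "password_reset" in actions}


# Constructed sample log lines (not real traffic): user 42 edits their own email,
# then works through user 7's account; user 1 is an admin doing a legitimate reset.
SAMPLE_LOG = [
    '{"ts": "2026-03-01T10:00:01Z", "actor_id": 42, "role": "user", "method": "PUT", "path": "/api/users/42/email"}',
    '{"ts": "2026-03-01T10:00:05Z", "actor_id": 42, "role": "user", "method": "GET", "path": "/api/users/7"}',
    '{"ts": "2026-03-01T10:00:09Z", "actor_id": 42, "role": "user", "method": "PUT", "path": "/api/users/7/email"}',
    '{"ts": "2026-03-01T10:00:31Z", "actor_id": 42, "role": "user", "method": "POST", "path": "/api/users/7/email/validate"}',
    '{"ts": "2026-03-01T10:00:40Z", "actor_id": 42, "role": "user", "method": "POST", "path": "/api/users/7/password-reset"}',
    '{"ts": "2026-03-01T10:02:00Z", "actor_id": 1, "role": "admin", "method": "POST", "path": "/api/users/9/password-reset"}',
]

if __name__ == "__main__":
    hits = find_cross_account_actions(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ts']} actor={h['actor']} target={h['target']} {h['action']}")
    for (actor, target), actions in takeover_chains(hits).items():
        print(f"possible takeover of {target} by {actor}: {' -> '.join(actions)}")
```

The per-request check is the one that matters for an IDOR: a single mismatch between session identity and target identifier is already an authorization failure, and the chain grouping only ranks which mismatches deserve an immediate response.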
What immediate steps should I take to mitigate this vulnerability?
The vendor, Wakyma, has had the fix for CVE-2026-3020 in production since February 19, 2026. The immediate step is to make sure the Wakyma web application you use is running a version that includes that fix; builds up to and including 2026-02-19 are listed as affected.
Additional mitigation measures include:
- Enforce object-level authorization on every endpoint that modifies account data: the account identifier in the request must match the authenticated session's user, or the handler must derive the account from the session and accept no identifier at all. This is the root-cause fix for CWE-639.
- Restrict user privileges to the minimum necessary. Note that this attack needs only an ordinary user account, so privilege reduction limits blast radius but does not by itself prevent exploitation.
- Implement monitoring and alerting for account modifications where the acting user and the affected account differ, and for email changes followed by password-reset requests on the same account.
- Use a web application firewall to log and rate-limit calls to account-modification endpoints, while recognising that a WAF cannot verify account ownership and does not replace the server-side check.
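The root-cause fix described above, shown as an added example that is not Wakyma's code: a vulnerable set of account handlers that trust the client-supplied account key, beside hardened versions that gate each handler with an ownership check. The handler names, the in-memory account store and the reset-token mailing are assumptions used to reproduce the chain the advisory describes (email change, then validation, then password reset).

```python
"""Vulnerable vs hardened account handlers for the IDOR pattern (CWE-639).

Added example, not Wakyma's code: handler names, the account store and the
reset-token mailing are assumptions that model the advisory's attack chain.
"""
import secrets


class Forbidden(Exception):
    """Raised when the caller does not own the targeted account."""


def fresh_users():
    """Constructed sample account store (not real data)."""
    return {
        7: {"email": "victim@example.test", "email_verified": True, "reset_sent_to": None},
        42: {"email": "attacker@example.test", "email_verified": True, "reset_sent_to": None},
    }


def require_owner(session_user_id, target_user_id):
    """Object-level authorization: the key in the request must be the caller's own.
    Administrative roles would need a separate, explicit allow-list; none here."""
    if target_user_id != session_user_id:
        raise Forbidden(f"user {session_user_id} may not act on account {target_user_id}")


# Shared business logic; the only difference between the two handler sets is the check.
def _set_email(users, user_id, new_email):
    account = users[user_id]
    account["email"] = new_email
    account["email_verified"] = False  # new address awaits validation
    return account


def _mark_verified(users, user_id):
    users[user_id]["email_verified"] = True


def _send_reset(users, user_id):
    account = users[user_id]
    account["reset_sent_to"] = account["email"]  # token goes to whatever address is on file
    return secrets.token_urlsafe(16)


# --- vulnerable handlers: the account key comes from the request and is used as-is ---
def change_email_vulnerable(users, session_user_id, target_user_id, new_email):
    return _set_email(users, target_user_id, new_email)


def validate_email_vulnerable(users, session_user_id, target_user_id):
    _mark_verified(users, target_user_id)


def request_password_reset_vulnerable(users, session_user_id, target_user_id):
    return _send_reset(users, target_user_id)


# --- hardened handlers: identical logic, gated by require_owner() ---
def change_email_fixed(users, session_user_id, target_user_id, new_email):
    require_owner(session_user_id, target_user_id)
    return _set_email(users, target_user_id, new_email)


def validate_email_fixed(users, session_user_id, target_user_id):
    require_owner(session_user_id, target_user_id)
    _mark_verified(users, target_user_id)


def request_password_reset_fixed(users, session_user_id, target_user_id):
    require_owner(session_user_id, target_user_id)
    return _send_reset(users, target_user_id)


def takeover(users, attacker_id, victim_id, attacker_mailbox, change, validate, reset):
    """Run the advisory's chain with the given handlers as the attacker's session.

    Returns the address the victim's reset token was mailed to; with the vulnerable
    handlers that is the attacker's mailbox. The fixed handlers raise Forbidden on
    the first step and leave the victim's record untouched.
    """
    change(users, attacker_id, victim_id, attacker_mailbox)
    validate(users, attacker_id, victim_id)
    reset(users, attacker_id, victim_id)
    return users[victim_id]["reset_sent_to"]


if __name__ == "__main__":
    u = fresh_users()
    print("vulnerable: reset mailed to", takeover(
        u, 42, 7, "attacker@example.test",
        change_email_vulnerable, validate_email_vulnerable, request_password_reset_vulnerable))
    try:
        takeover(fresh_users(), 42, 7, "attacker@example.test",
                 change_email_fixed, validate_email_fixed, request_password_reset_fixed)
    except Forbidden as exc:
        print("fixed:", exc)
```

The stronger form of the fix removes the target identifier from the request entirely (the handler operates on the session's user and nothing else); `require_owner()` is shown because many applications keep `/users/<id>/...` routes for administrative use and must then check ownership on every one of them.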