CVE-2026-3111
Deferred Deferred - Pending Action
IDOR Vulnerability in Campus Educativa Allows Unauthorized Photo Access

Publication date: 2026-03-16

Last updated on: 2026-05-19

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (translated as 80x90 and 40x45). Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of all users via a manipulated URL, enabling them to collect user photos en masse. This could lead to these photos being used maliciously to impersonate identities, perform social engineering, link identities across platforms using facial recognition, or even carry out doxxing.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-05-19
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-14
NVD
CVE-2026-3111
EUVD
EUVD-2026-12379
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-3111 is an Insecure Direct Object Reference (IDOR) vulnerability found in Campus Educativa, an e-learning software for companies.'}, {'type': 'paragraph', 'content': "The vulnerability specifically affects the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg', which serves user profile photos in sizes 80x90 and 40x45 pixels."}, {'type': 'paragraph', 'content': 'An unauthenticated attacker can exploit this vulnerability by manipulating the URL to access profile photos of all users without authorization.'}, {'type': 'paragraph', 'content': 'This unauthorized access allows mass collection of user photos, which can be misused for identity impersonation, social engineering attacks, linking identities across platforms using facial recognition, or doxxing.'}] [1]

Impact Analysis

The vulnerability allows an attacker to access and collect profile photos of all users without authentication.

  • Identity impersonation using stolen photos.
  • Social engineering attacks leveraging user images.
  • Linking user identities across different platforms through facial recognition.
  • Doxxing or exposing personal information by distributing collected photos.
Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability can be detected by attempting to access the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' with manipulated user IDs and usernames in the URL to see if unauthorized profile photos are accessible."}, {'type': 'paragraph', 'content': 'A simple method to test this is to use command-line tools like curl or wget to request profile photo URLs with different user IDs and usernames and check if the server returns images without authentication.'}, {'type': 'list_item', 'content': 'curl -I https://[target-domain]/archivos/usuarios/1/username/thumb_AAxAA.jpg'}, {'type': 'list_item', 'content': 'curl -I https://[target-domain]/archivos/usuarios/2/otheruser/thumb_AAxAA.jpg'}, {'type': 'paragraph', 'content': 'If these requests return HTTP 200 responses with image content without requiring authentication, it indicates the presence of the vulnerability.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate step to mitigate this vulnerability is to upgrade Campus Educativa to version 14.05.00-159 or later, where the issue has been fixed.'}, {'type': 'paragraph', 'content': "Additionally, restrict access to the '/archivos/usuarios/' endpoint by implementing proper access controls to ensure that only authorized users can access profile photos."}, {'type': 'paragraph', 'content': 'Monitor access logs for unusual or unauthorized requests to user photo URLs and consider temporarily disabling public access to these resources until the patch is applied.'}] [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3111. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart