CVE-2026-32533
Authorization Bypass in LatePoint β€ 5.2.6 via Access Control Misconfiguration
Publication date: 2026-03-25
Last updated on: 2026-04-29
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| latepoint | latepoint | to 5.2.6 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows unauthorized users to bypass authorization and authentication mechanisms, potentially granting access to sensitive files, folders, or database interactions.
Such unauthorized access could lead to exposure of personal or sensitive data, which may impact compliance with common standards and regulations like GDPR and HIPAA that require strict access controls and protection of sensitive information.
Therefore, if exploited, this vulnerability could result in non-compliance with these regulations due to inadequate access control and potential data breaches.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows unauthorized users to bypass authorization and authentication mechanisms in the LatePoint WordPress plugin versions up to 5.2.6. Detection typically involves checking the plugin version and monitoring for unauthorized access attempts.
To detect if your system is vulnerable, first verify the installed version of the LatePoint plugin. If it is version 5.2.6 or earlier, it is vulnerable.
Example command to check the plugin version on a WordPress installation via command line:
- grep -i 'Version' wp-content/plugins/latepoint/readme.txt
Additionally, you can monitor web server logs for suspicious access patterns that may indicate exploitation attempts, such as unauthorized access to sensitive endpoints or resources.
What immediate steps should I take to mitigate this vulnerability?
The primary and immediate mitigation step is to update the LatePoint plugin to version 5.2.7 or later, where this vulnerability has been patched.
If updating immediately is not possible, consider restricting access to the plugin's sensitive endpoints by implementing additional access controls or firewall rules to limit exposure.
Using security services such as Patchstack's mitigation services, which include auto-updates and protection for vulnerable plugins, can also help reduce risk.
Can you explain this vulnerability to me?
This vulnerability is an Authorization Bypass Through User-Controlled Key issue in LatePoint. It occurs because of incorrectly configured access control security levels, which allows an attacker to bypass authorization mechanisms by manipulating user-controlled keys.
How can this vulnerability impact me? :
Exploiting this vulnerability can allow unauthorized users to bypass access controls, potentially gaining access to restricted functions or data within the LatePoint application. This could lead to unauthorized actions or data exposure.