CVE-2026-32533
Received Received - Intake
Authorization Bypass in LatePoint ≀ 5.2.6 via Access Control Misconfiguration

Publication date: 2026-03-25

Last updated on: 2026-04-29

Assigner: Patchstack

Description
Authorization Bypass Through User-Controlled Key vulnerability in LatePoint LatePoint latepoint allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LatePoint: from n/a through <= 5.2.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-25
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-25
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32533
EUVD
EUVD-2026-15905
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
latepoint latepoint to 5.2.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Authorization Bypass Through User-Controlled Key issue in LatePoint. It occurs because of incorrectly configured access control security levels, which allows an attacker to bypass authorization mechanisms by manipulating user-controlled keys.

Impact Analysis

Exploiting this vulnerability can allow unauthorized users to bypass access controls, potentially gaining access to restricted functions or data within the LatePoint application. This could lead to unauthorized actions or data exposure.

Compliance Impact

The vulnerability allows unauthorized users to bypass authorization and authentication mechanisms, potentially granting access to sensitive files, folders, or database interactions.

Such unauthorized access could lead to exposure of personal or sensitive data, which may impact compliance with common standards and regulations like GDPR and HIPAA that require strict access controls and protection of sensitive information.

Therefore, if exploited, this vulnerability could result in non-compliance with these regulations due to inadequate access control and potential data breaches.

Detection Guidance

This vulnerability allows unauthorized users to bypass authorization and authentication mechanisms in the LatePoint WordPress plugin versions up to 5.2.6. Detection typically involves checking the plugin version and monitoring for unauthorized access attempts.

To detect if your system is vulnerable, first verify the installed version of the LatePoint plugin. If it is version 5.2.6 or earlier, it is vulnerable.

Example command to check the plugin version on a WordPress installation via command line:

  • grep -i 'Version' wp-content/plugins/latepoint/readme.txt

Additionally, you can monitor web server logs for suspicious access patterns that may indicate exploitation attempts, such as unauthorized access to sensitive endpoints or resources.

Mitigation Strategies

The primary and immediate mitigation step is to update the LatePoint plugin to version 5.2.7 or later, where this vulnerability has been patched.

If updating immediately is not possible, consider restricting access to the plugin's sensitive endpoints by implementing additional access controls or firewall rules to limit exposure.

Using security services such as Patchstack's mitigation services, which include auto-updates and protection for vulnerable plugins, can also help reduce risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32533. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart