CVE-2026-39250
Authorization Bypass in Innoshop 0.6.0
Publication date: 2026-05-19
Last updated on: 2026-05-20
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| innoshop | innoshop | 0.6.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in Innoshop 0.6.0 allows an attacker to bypass authorization controls and access backend application interfaces after logging into the frontend. This unauthorized access could lead to exposure or manipulation of sensitive data.
Such unauthorized access and potential data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of personal and sensitive information.
Can you explain this vulnerability to me?
This vulnerability is an authorization flaw in Innoshop version 0.6.0. After a user logs into the frontend, an attacker can bypass normal access controls and directly access backend application interfaces. This unauthorized access can allow the attacker to perform further dangerous operations within the application.
How can this vulnerability impact me?
The vulnerability can lead to unauthorized access to backend systems after frontend login, potentially allowing attackers to perform harmful actions such as modifying data, accessing sensitive information, or disrupting application functionality.