CVE-2026-4320
Authorization Bypass in Creartia ICMS via HTTP Redirect Manipulation
Publication date: 2026-05-18
Last updated on: 2026-05-18
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| creartia | icms | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-288 | The product requires authentication, but the product has an alternate path or channel that does not require authentication. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized access to protected features and privilege escalation without credentials, which could lead to unauthorized system access and potential security breaches.
Such unauthorized access and security breaches may impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.
Therefore, if this vulnerability is exploited and not mitigated, it could result in non-compliance with these regulations due to failure to adequately protect data and control access.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized system access and potential security breaches.
Attackers can gain access to protected features and escalate privileges without needing valid credentials, which could compromise the integrity and confidentiality of your system.
If left unpatched, it poses a high risk to the security of affected systems.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the CVE-2026-4320 vulnerability, users should update their Creartia ICMS software to the latest patched version released by Creartia.
Applying the official patch will prevent attackers from exploiting the authorization bypass via HTTP redirect header manipulation during the login process.
Can you explain this vulnerability to me?
CVE-2026-4320 is a critical authorization bypass vulnerability in Creartia's ICMS Content Management software.
The flaw allows attackers to bypass authentication by manipulating HTTP redirect headers during the login process.
Because the script continues running after the redirect is issued, the protected functionality is still executed, enabling unauthorized access to protected features and privilege escalation without requiring valid credentials.
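As an added illustration (not Creartia's code; the page gives no source, and the handler, session shape and panel text below are constructed), assuming the flaw is the common execution-after-redirect pattern the description implies: an authorization check that sets a redirect but does not halt the handler, shown beside the corrected form, plus a regression check a reviewer can run against any handler.

```python
"""Execution-after-redirect: vulnerable handler, fixed handler, regression check.
Constructed simulation; not the product's code."""
from dataclasses import dataclass, field
from typing import Callable, Dict


@dataclass
class Response:
    status: int = 200
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


# Stand-in for the protected page content (constructed).
ADMIN_PANEL = "admin panel: user management, site settings"


def require_login(session: dict, resp: Response) -> bool:
    """Set a redirect to /login when no user is in the session.
    Returns True when the caller must stop processing the request."""
    if not session.get("user"):
        resp.status = 302
        resp.headers["Location"] = "/login"
        return True
    return False


def vulnerable_admin(session: dict) -> Response:
    resp = Response()
    require_login(session, resp)   # BUG: return value ignored, no early exit
    resp.body = ADMIN_PANEL        # still built and sent alongside the 302
    return resp


def fixed_admin(session: dict) -> Response:
    resp = Response()
    if require_login(session, resp):
        return resp                # stop here: nothing below runs for anonymous callers
    resp.body = ADMIN_PANEL
    return resp


def redirect_leaks_body(handler: Callable[[dict], Response]) -> bool:
    """Regression check: an unauthenticated request must yield a redirect
    with an empty body. True means the handler leaks protected content."""
    resp = handler({})
    return resp.status == 302 and resp.body != ""
```

Run `redirect_leaks_body` over every handler that calls an authorization helper; a True result is exactly the defect this CWE-288 entry describes.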