CVE-2026-4320
Received Received - Intake
Authorization Bypass in Creartia ICMS via HTTP Redirect Manipulation

Publication date: 2026-05-18

Last updated on: 2026-05-18

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running and enabling privilege escalation without the need for credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-18
Last Modified
2026-05-18
Generated
2026-06-10
AI Q&A
2026-05-19
EPSS Evaluated
2026-06-08
NVD
CVE-2026-4320
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
creartia icms *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows unauthorized access to protected features and privilege escalation without credentials, which could lead to unauthorized system access and potential security breaches.

Such unauthorized access and security breaches may impact compliance with common standards and regulations like GDPR and HIPAA, which require strict access controls and protection of sensitive data.

Therefore, if this vulnerability is exploited and not mitigated, it could result in non-compliance with these regulations due to failure to adequately protect data and control access.

Impact Analysis

This vulnerability can lead to unauthorized system access and potential security breaches.

Attackers can gain access to protected features and escalate privileges without needing valid credentials, which could compromise the integrity and confidentiality of your system.

If left unpatched, it poses a high risk to the security of affected systems.

Mitigation Strategies

To mitigate the CVE-2026-4320 vulnerability, users should update their Creartia ICMS software to the latest patched version released by Creartia.

Applying the official patch will prevent attackers from exploiting the authorization bypass via HTTP redirect header manipulation during the login process.

Executive Summary

CVE-2026-4320 is a critical authorization bypass vulnerability in Creartia's ICMS Content Management software.

The flaw allows attackers to bypass authentication by manipulating HTTP redirect headers during the login process.

This manipulation causes the script to continue running, enabling unauthorized access to protected features and privilege escalation without requiring valid credentials.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4320. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart