CVE-2026-5228
Improper Access Control in WriteUp Mobile App
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: Computer Emergency Response Team of the Republic of Turkey
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kurt_software | writeup_mobile_app | From 1.3.0 (inc) to 04062026 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Access Control and Missing Authorization issue in the Kurt Software Studio WriteUp Mobile App. It allows users to access functionality that is not properly restricted by Access Control Lists (ACLs), meaning that certain features or actions within the app can be accessed without the necessary permissions.
How can this vulnerability impact me? :
The vulnerability can have a significant impact as it allows unauthorized users to access sensitive functionality within the WriteUp Mobile App. According to the CVSS score of 8.8, it can lead to high confidentiality, integrity, and availability impacts, meaning attackers could potentially view, modify, or disrupt data and operations within the app.