CVE-2026-15186
Deferred Deferred - Pending Action

Improper Resource Control in MacroZheng Mall Portal Endpoint

Vulnerability report for CVE-2026-15186, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: VulDB

Description

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor deleted the GitHub issue for this vulnerability without any explanation.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
macrozheng mall to 1.0.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-99 The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in macrozheng mall up to version 1.0.3, specifically in the Portal Endpoint component's /returnApply/create file. It involves improper control of resource identifiers due to manipulation of the argument orderId. This flaw can be exploited remotely, and a public exploit is available.

Impact Analysis

The vulnerability allows an attacker to manipulate resource identifiers remotely, which can lead to unauthorized access or actions related to order returns. This could result in data integrity issues, unauthorized operations, or potential disruption of service.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15186. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart