CVE-2026-35552
Received Received - Intake

Authenticated API License Deactivation in CAXperts UPVWebServices

Vulnerability report for CVE-2026-35552, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: MITRE

Description

In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's license.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
caxperts upvwebservices From 2.4.2212.603 (inc) to 2.7.6 (inc)
udith portal From 2026.0.0 (inc) to 2026.2.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in CAXperts UPVWebServices versions 2.4.2212.603 through 2.7.6 and UDiTH Portal versions 2026.0.0 through 2026.2.0. An authenticated remote user can access an administrative API endpoint that is intended only for privileged users. Because the application lacks proper authorization checks on this endpoint, the attacker can misuse it to deactivate the application's license.

Impact Analysis

The impact of this vulnerability is that an authenticated attacker can deactivate the application's license by invoking an administrative API endpoint without proper authorization. This could disrupt the normal operation of the affected software, potentially causing service interruptions or loss of functionality that depends on a valid license.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-35552. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart