CVE-2026-63082
Received Received - Intake

Authenticated Agent Privilege Escalation in Perfect Support Ticketing & Document Management System

Vulnerability report for CVE-2026-63082, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: VulnCheck

Description

Perfect Support Ticketing & Document Management System through 1.7 contains a broken access control vulnerability that allows authenticated attackers with Agent-level privileges to manipulate the Support Agent assignment field of tickets by bypassing intended authorization checks. Attackers can add or remove any user, including Superadmin accounts, from the Support Agent field of any ticket to which they are assigned, circumventing role-based access controls.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
perfect_support ticketing_and_document_management_system *
perfect_support ticketing_and_document_management_system to 1.7 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-63082 is a broken access control vulnerability in Perfect Support Ticketing & Document Management System v1.7. It allows authenticated attackers with Agent-level privileges to manipulate the Support Agent assignment field of tickets by bypassing intended authorization checks. Attackers can add or remove any user, including Superadmin accounts, from the Support Agent field of any ticket they are assigned to.

Detection Guidance

To detect this vulnerability, monitor for unauthorized modifications to ticket assignments in Perfect Support Ticketing System logs. Check for agents adding or removing users, especially Superadmin accounts, from tickets they are assigned to. Review system logs for unusual access patterns or privilege escalation attempts.

Impact Analysis

This vulnerability allows low-privileged Agents to perform unauthorized administrative actions. They can escalate privileges by adding or removing high-privileged users like Superadmins from tickets. This undermines the system's access control and could lead to unauthorized access, data manipulation, or further system compromise.

Compliance Impact

This vulnerability could lead to unauthorized access or data breaches, violating compliance requirements for GDPR and HIPAA. It undermines access controls and audit trails, potentially resulting in non-compliance with data protection regulations.

Mitigation Strategies

Immediately update Perfect Support Ticketing System to the latest version beyond 1.7. Restrict Agent-level privileges to only necessary functions and review all user assignments for unauthorized changes. Implement stricter access controls and audit logs to detect and prevent similar issues.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-63082. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart