CVE-2026-2141

Medium CVSS: 5.3

A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

5kcrm

Product

Wukongcrm

CWE

CWE-266

Yayın Tarihi

2026-02-08 08:15:52

Güncelleme

2026-03-05 21:21:45

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-266 Wukongcrm MEDIUM 5kcrm 2026

Referanslar

https://github.com/SourByte05/SourByte-Lab/issues/8 https://vuldb.com/?ctiid.344776 https://vuldb.com/?id.344776 https://vuldb.com/?submit.747264

Benzer Kayıtlar

Medium

CVE-2025-60828

WukongCRM-9.0-JAVA was discovered to contain a fastjson deserialization vulnerability via the /OaExamine/setOaExamine in…

Medium

CVE-2025-8852

A vulnerability was identified in WuKongOpenSource WukongCRM 11.0. This affects an unknown part of the file /adminFile/u…

Medium

CVE-2025-5521

A vulnerability was found in WuKongOpenSource WukongCRM 9.0. It has been declared as problematic. Affected by this vulne…