CVE-2026-35552 - CAXperts UPVWebServices and UDiTH Portal Improper Authorization Vulnerability
CVE ID :CVE-2026-35552
Published : July 8, 2026, 10:17 p.m. | 28 minutes ago
Description :In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's license.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : July 8, 2026, 10:17 p.m. | 28 minutes ago
Description :In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's license.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...