CVE-2026-10284
MEDIUMDevaslanPHP project-management <= 2.0.0-beta1 - Incorrect Privilege Assignment in Livewire Handler
Title source: llmDescription
A flaw has been found in DevaslanPHP project-management up to 2.0.0-beta1. Affected by this vulnerability is the function editComment/doDeleteComment of the file app/Filament/Resources/TicketResource/Pages/ViewTicket.php of the component Livewire Handler. Executing a manipulation can lead to improper authorization. The attack can be executed remotely. The project was informed of the problem early through an issue report but has not responded yet.
References (6)
Core 6
Core References
Permissions Required, VDB Entry vdb-entry
technical-description
https://vuldb.com/vuln/367577
Permissions Required, VDB Entry signature
permissions-required
https://vuldb.com/vuln/367577/cti
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/cve/CVE-2026-10284
Permissions Required, VDB Entry third-party-advisory
https://vuldb.com/submit/825473
Issue Tracking issue-tracking
https://github.com/devaslanphp/project-management/issues/140
Various Sources product
https://github.com/devaslanphp/project-management/
Scores
CVSS v3
5.4
EPSS
0.0023
EPSS Percentile
13.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-266
CWE-285
Status
published
Products (1)
DevaslanPHP/project-management
2.0.0-beta1
Published
Jun 01, 2026
Tracked Since
Jun 02, 2026