CVE-2026-11521

MEDIUM

Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization

Title source: cna
STIX 2.1

Description

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction Endpoint. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

References (6)

Core 6
Core References
Vdb Entry vdb-entry
VDB-369141 | Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization
https://vuldb.com/vuln/369141
Signature, Permissions Required signature permissions-required
VDB-369141 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/369141/cti
Third Party Advisory third-party-advisory
CVE-2026-11521 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11521
Third Party Advisory third-party-advisory
Submit #836452 | Mohammed-eid35 bank-management-system-springboot 1 Authentication Bypass by Primary Weakness
https://vuldb.com/submit/836452

Scores

CVSS v3 6.3
EPSS 0.0027
EPSS Percentile 18.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-266 CWE-285
Status published
Products (1)
Mohammed-eid35/bank-management-system-springboot 7b9bcc65ad7df3db29af71aed9bb500e5f24d948
Published Jun 08, 2026
Tracked Since Jun 08, 2026