CVE-2026-39250

HIGH

Innoshop 0.6.0 - Authenticated Authorization Bypass

Title source: llm

Description

An authorization vulnerability exists in Innoshop 0.6.0. After logging into the frontend, an attacker can directly access backend application interfaces, leading to further dangerous operations.

References (2)

Core 2

Core References

https://www.innoshop.com/

https://gist.github.com/hkdmh/4af513ea7589212cb1d49bc5d972972e

Scores

CVSS v3 7.3

EPSS 0.0025

EPSS Percentile 15.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-284

Status published

Published May 19, 2026

Tracked Since May 19, 2026