NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-5798

Summary	Unsafe object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee (first names, last names, roles, job titles, and vacation records, among others) by modifying that identifier in requests sent to the server.
Publication Date	May 14, 2026, 10:16 p.m.
Registration Date	May 15, 2026, 4:24 a.m.
Last Update	May 15, 2026, 1:46 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-stel-order	cve-coordination@incibe.es

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-639	ユーザ制御の鍵による認証回避	https://cwe.mitre.org/data/definitions/639.html