NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-8077

Summary	Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escalate privileges and gain full administrative access. This vulnerability allows all restrictions to be bypassed and completely compromises system management.
Publication Date	May 8, 2026, 10:16 p.m.
Registration Date	May 9, 2026, 4:12 a.m.
Last Update	May 9, 2026, 12:51 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://labs.itresit.es/2026/05/07/cashdro-vulnerabilities-from-pentest-to-stealing-money/	cve-coordination@incibe.es
2	https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cashdro-3	cve-coordination@incibe.es
3	https://labs.itresit.es/2026/05/07/cashdro-vulnerabilities-from-pentest-to-stealing-money/	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List