A vulnerability was found in CRMEB up to 5.6.3. It has been classified as critical. The affected element is the function appleLogin in the file crmeb/app/api/controller/v1/LoginController.php. Manipulating the argument openId results in improper authentication.

This vulnerability is reported as CVE-2026-1202. The attack can be carried out remotely. Moreover, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.