CVE-2026-1203 | CRMEB up to 5.6.3 JSON Token LoginServices.php remoteRegister uid improper authentication

A vulnerability was found in CRMEB up to 5.6.3. It has been declared as critical. The impacted element is the function remoteRegister of the file crmeb/app/services/user/LoginServices.php of the component JSON Token Handler. Executing a manipulation of the argument uid can lead to improper authentication.

This vulnerability appears as CVE-2026-1203. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1203 | CRMEB up to 5.6.3 JSON Token LoginServices.php remoteRegister uid improper authentication

Post correlati

CVE-2024-26609 | Linux Kernel up to 6.8-rc1 nf_tables core.c nf_hook_slow use after free

CVE-2025-14976 | User Registration & Membership Plugin up to 4.4.8 on WordPress Post process_row_actions cross-site request forgery

CVE-2023-5052 | Uniform Server Zero 10.2.5 Query /us_extra/phpinfo.php cross site scripting

CVE-2024-46872 | Mattermost up to 9.5.9/9.10.2/9.11.1 Playbook cross-site request forgery