CVE-2026-1597 | Bdtask SalesERP up to 20260116 Administrative Endpoint ci_session improper authorization

Inserito da Angelo Barbosa | Gen 29, 2026 | CVE

A vulnerability categorized as critical has been discovered in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization.

This vulnerability is listed as CVE-2026-1597. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-1597 | Bdtask SalesERP up to 20260116 Administrative Endpoint ci_session improper authorization

Post correlati

CVE-2025-15416 | xnx3 wangmarket up to 6.4 Add Global Variable /siteVar/save.do Remark/Variable Value cross site scripting

CVE-2024-32679 | Shared Files Plugin up to 1.7.16 on WordPress authorization

CVE-2024-12361 | FFmpeg up to 7.1 mpegvideo_enc.c ff_mpv_encode_picture null pointer dereference

CVE-2025-67876 | ChurchCRM up to 6.4.0 GroupView.php cross site scripting