A vulnerability labeled as critical has been found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. It affects an unknown function of the file /api/admin/sys-message/ in the component API Endpoint. Manipulating the argument messageId results in an authorization bypass.
This vulnerability is reported as CVE-2026-3185. The attack can be launched remotely. Moreover, an exploit is present.
The affected component should be upgraded.
The project was informed beforehand and acted very professionally: “We have implemented message ownership verification, so that users can only query messages related to themselves.”
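
The ownership verification the project describes, sketched as an added example in plain Java (not code from sz-boot-parent or from this advisory). The class, record and method names and the sample data are hypothetical and constructed for illustration, and the caller identity is assumed to come from the server-side session.

```java
import java.util.Map;
import java.util.Optional;

// Added illustration; every name here is hypothetical, not taken from sz-boot-parent.
public class MessageOwnershipExample {

    record Message(long messageId, long recipientId, String body) {}

    // Constructed sample data: message 1 belongs to user 100, message 2 to user 200.
    static final Map<Long, Message> STORE = Map.of(
            1L, new Message(1L, 100L, "for user 100"),
            2L, new Message(2L, 200L, "for user 200"));

    // Weak form: any authenticated caller receives whatever messageId is requested.
    static Optional<Message> findUnchecked(long messageId) {
        return Optional.ofNullable(STORE.get(messageId));
    }

    // Hardened form: the caller id is taken from the server-side session, never from
    // a request parameter, and the lookup is scoped to that caller. A message owned
    // by someone else yields the same empty result as an id that does not exist, so
    // the response does not reveal which ids are in use.
    static Optional<Message> findForCaller(long sessionUserId, long messageId) {
        return Optional.ofNullable(STORE.get(messageId))
                .filter(m -> m.recipientId() == sessionUserId);
    }

    public static void main(String[] args) {
        long caller = 100L; // constructed session identity
        // Unchecked lookup of another user's message.
        System.out.println("unchecked, foreign id: " + findUnchecked(2L).isPresent());
        // Owner-scoped lookups: foreign id, own id, unknown id.
        System.out.println("scoped, foreign id:    " + findForCaller(caller, 2L).isPresent());
        System.out.println("scoped, own id:        " + findForCaller(caller, 1L).isPresent());
        System.out.println("scoped, unknown id:    " + findForCaller(caller, 99L).isPresent());
    }
}
```

In a database-backed service the same check is usually expressed in the query itself, by filtering on both the message id and the session user's id, so an unowned row is never loaded.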