A vulnerability described as critical has been identified in Qt Axivion up to 7.8.12/7.9.12/7.10.10/7.11.6/7.12.1. Affected is the function
token of the file /api/users of the component API endpoint. Executing a manipulation of the argument User can lead to permission issues.
This vulnerability is registered as CVE-2026-12593. It is possible to launch the attack remotely. No exploit is available.