A vulnerability was found in ChurchCRM up to 7.3.x. It has been declared as critical. This affects an unknown part of the component Endpoint. Executing a manipulation of the argument FamilyID can lead to improper authorization.
This vulnerability is registered as CVE-2026-58410. It is possible to launch the attack remotely. No exploit is available.