A vulnerability categorized as problematic has been discovered in Roskus Prospero Flow CRM up to 5.13.x. This impacts an unknown function of the file /customer/import/excel/save of the component Import Handler. The manipulation of the argument company_id results in authorization bypass.

This vulnerability is reported as CVE-2026-59236. The attack can be launched remotely. No exploit exists.