A vulnerability, which was classified as problematic, has been found in ChurchCRM up to 7.3.x. This affects the function
isAdmin of the file CSVCreateFile.php of the component CSV bulk-export endpoint. The manipulation leads to improper authorization.
This vulnerability is referenced as CVE-2026-58408. Remote exploitation of the attack is possible. No exploit is available.