A vulnerability was found in Roskus Prospero Flow CRM up to 5.5.2. It has been declared as problematic. The impacted element is the function get of the file app/Http/Controllers/Api/BankAccount/BankAccountListController.php of the component BankAccountListController. Executing a manipulation of the argument company_id can lead to missing authorization.

This vulnerability is registered as CVE-2026-59235. It is possible to launch the attack remotely. No exploit is available.