A vulnerability was found in crewhrm Crew HRM Plugin up to 1.2.2. It has been rated as critical. Impacted is the function
Dispatcher::dispatch of the component Dispatcher. The manipulation of the argument job_id leads to authorization bypass.
This vulnerability is referenced as CVE-2026-9237. Remote exploitation of the attack is possible. No exploit is available.