PatchSiren cyber security CVE debrief
CVE-2026-4320 Creartia Internet Consulting CVE debrief
CVE-2026-4320 is a critical authorization bypass in Creartia ICMS. According to the NVD record and the referenced INCIBE advisory, the login flow answers an unauthenticated request with an HTTP redirect but the script keeps running after the redirect has been sent. Because a redirect is only an instruction to the client, an attacker who manipulates or simply ignores it receives the protected response, leading to unauthorized access to protected features and privilege escalation without needing credentials.
- Vendor: Creartia Internet Consulting
- Product: ICMS Content Management
- CVSS: 9.3 Critical (v4.0)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-18
- Original CVE updated: 2026-05-18
- Advisory published: 2026-05-18
- Advisory updated: 2026-05-18
Who should care
Organizations running Creartia ICMS, especially any internet-facing deployments, and the teams responsible for authentication, access control, reverse proxies, and application monitoring.
Technical summary
The supplied NVD entry maps this issue to CWE-288 (authentication bypass by alternate path or channel). The reported attack path is network-reachable, requires no prior privileges, and needs no user interaction. The flaw is described as a login-process weakness: when the access check fails, the application emits a redirect (for example a Location header pointing at the login page) but does not terminate the request, so the rest of the handler still executes. An HTTP client that does not follow the redirect, or that tampers with it, therefore receives the protected response body, and any state-changing action in that handler runs server-side regardless of what the client does with the redirect. This is how protected functionality and higher-privilege actions become reachable without credentials.
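The pattern described above, as an added example that is not Creartia ICMS code and makes no claim about how the product is implemented: a request handler that sets a redirect on failed authentication but keeps executing, next to the hardened form that stops at the redirect, plus the check a practitioner would run against their own handlers. The Request/Response model, the `/admin` and `/login` paths and the session dict are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Request:
    path: str
    session: dict = field(default_factory=dict)  # constructed stand-in for a server session


@dataclass
class Response:
    status: int = 200
    headers: dict = field(default_factory=dict)
    body: str = ""


def render_admin(req: Request) -> str:
    # Constructed protected content; it links to a privileged action.
    return "<h1>Admin panel</h1><a href='/admin/users/delete'>delete user</a>"


def vulnerable_admin_page(req: Request) -> Response:
    """Access check that redirects but keeps executing (the reported weakness pattern)."""
    resp = Response()
    if not req.session.get("user"):
        resp.status = 302
        resp.headers["Location"] = "/login"
        # BUG: no return here, so the protected page is still rendered below
        # and shipped to the client as the body of the 302 response.
    resp.body = render_admin(req)
    return resp


def hardened_admin_page(req: Request) -> Response:
    """Same check, but the handler stops as soon as the redirect is issued."""
    if not req.session.get("user"):
        return Response(status=302, headers={"Location": "/login"}, body="")
    return Response(status=200, body=render_admin(req))


def attacker_fetch(handler, path: str) -> Response:
    """An attacker's client: unauthenticated, never follows redirects, reads the body as-is."""
    return handler(Request(path=path))


def leaks_on_redirect(handler) -> bool:
    """Regression check: does an unauthenticated request get a 3xx that still carries protected content?"""
    resp = attacker_fetch(handler, "/admin")
    return 300 <= resp.status < 400 and "Admin panel" in resp.body


if __name__ == "__main__":
    for h in (vulnerable_admin_page, hardened_admin_page):
        print(h.__name__, "leaks protected content on redirect:", leaks_on_redirect(h))
```

The `leaks_on_redirect` check is the useful part: run it against every handler that gates access by redirecting, because a browser hides this class of bug by following the redirect and discarding the body, while curl or any scripted client sees the leaked page.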
Defensive priority
Urgent. The issue is rated CVSS 9.3 Critical, is reachable over the network, and does not require credentials or user interaction according to the supplied record.
Recommended defensive actions
- Identify all Creartia ICMS deployments, including test and staging environments.
- Treat exposed ICMS instances as high priority until patched or otherwise mitigated.
- Review the referenced INCIBE advisory and any vendor guidance for fixes or temporary mitigations.
- Restrict external access to ICMS administrative and login endpoints where feasible.
- Monitor web-server and application logs for signs of redirect abuse: 3xx responses on protected or administrative paths that carry a full-size body (a genuine redirect has an empty or tiny body), clients that keep requesting protected paths after being redirected without ever loading the login page, and unexpected access to protected functions.
- Validate that reverse proxies, WAF rules, and application controls are not letting a manipulated or ignored redirect alter the authentication flow. As a stopgap, a proxy can discard the body of 3xx responses from the application on protected paths, but this does not stop state-changing actions from executing server-side, so it is not a substitute for the vendor fix.
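The log review in the monitoring step above, as an added example that is not part of the original debrief or of any vendor tooling: two heuristics over Combined Log Format access-log lines, one flagging 3xx responses on protected paths whose body is far larger than a redirect should carry, the other flagging clients that keep requesting protected paths after being redirected without ever visiting the login page. The protected path prefixes, the login path, the body-size threshold and the sample log lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [ts] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

PROTECTED_PREFIXES = ("/admin", "/panel")  # assumption: adjust to the deployment's routes
LOGIN_PATH = "/login"                       # assumption
REDIRECT_BODY_LIMIT = 1024                  # a real redirect response carries at most a tiny body

# Constructed sample: 203.0.113.7 is a scripted client that ignores redirects;
# 198.51.100.4 is a browser user who follows the redirect and logs in normally.
SAMPLE_LOG = """\
203.0.113.7 - - [18/May/2026:10:00:01 +0000] "GET /admin/ HTTP/1.1" 302 18342 "-" "curl/8.6.0"
203.0.113.7 - - [18/May/2026:10:00:02 +0000] "GET /admin/users HTTP/1.1" 302 27110 "-" "curl/8.6.0"
203.0.113.7 - - [18/May/2026:10:00:03 +0000] "POST /admin/users/delete?id=4 HTTP/1.1" 302 21 "-" "curl/8.6.0"
198.51.100.4 - - [18/May/2026:10:01:00 +0000] "GET /admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [18/May/2026:10:01:01 +0000] "GET /login HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.4 - - [18/May/2026:10:01:09 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [18/May/2026:10:01:10 +0000] "GET /admin/ HTTP/1.1" 200 18342 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["status"] = int(e["status"])
    e["size"] = 0 if e["size"] == "-" else int(e["size"])
    e["path"] = e["path"].split("?", 1)[0]  # drop the query string for matching
    return e


def is_protected(path):
    return path.startswith(PROTECTED_PREFIXES)


def find_leaky_redirects(lines):
    """3xx responses on protected paths that carried a full-size body: the server kept rendering after redirecting."""
    hits = []
    for line in lines:
        e = parse_line(line)
        if e and is_protected(e["path"]) and 300 <= e["status"] < 400 and e["size"] > REDIRECT_BODY_LIMIT:
            hits.append((e["ip"], e["path"], e["size"]))
    return hits


def find_redirect_ignorers(lines, min_hits=2):
    """Clients redirected away from protected paths at least min_hits times that never loaded the login page.

    This also catches the small-bodied POST above: a state-changing action can run
    server-side even when the 302 carries almost no body.
    """
    redirected = defaultdict(int)
    visited_login = set()
    for line in lines:
        e = parse_line(line)
        if not e:
            continue
        if e["path"] == LOGIN_PATH:
            visited_login.add(e["ip"])
        elif is_protected(e["path"]) and 300 <= e["status"] < 400:
            redirected[e["ip"]] += 1
    return sorted(ip for ip, n in redirected.items() if n >= min_hits and ip not in visited_login)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("leaky redirects:", find_leaky_redirects(lines))
    print("clients ignoring redirects:", find_redirect_ignorers(lines))
```

The body-size heuristic is the higher-confidence signal, since a redirect that ships tens of kilobytes of HTML is almost never legitimate; the redirect-ignorer heuristic is noisier (monitoring probes and broken bots trip it) but it is the one that surfaces attempts at privileged actions whose responses are small.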
Evidence notes
Evidence in the supplied corpus comes from the official NVD record and the referenced INCIBE advisory URL. The NVD metadata lists the vulnerability as Received, includes a primary weakness of CWE-288, and provides a CVSS v4.0 vector showing network attack, no privileges, no user interaction, and high confidentiality/integrity impact. The vendor/product mapping used in this debrief is low-confidence, so product naming should be treated cautiously outside the cited references.
Official resources
- CVE-2026-4320 CVE record (CVE.org)
- CVE-2026-4320 NVD detail (NVD)
- Source reference: Publicly disclosed on 2026-05-18 through the NVD record, which references an INCIBE advisory about an authorization bypass in ICMS content management software.