PatchSiren cyber security CVE debrief
CVE-2026-11521 Mohammed-eid35 CVE debrief
CVE-2026-11521 is a security vulnerability detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. The vulnerability affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction Endpoint, leading to improper authorization. The attack can be launched remotely, and the exploit has been disclosed publicly and may be used. The product follows a rolling release approach for continuous delivery, so version details for affected and updated releases are not available. The project was informed early through an issue report but has not responded yet.
- Vendor: Mohammed-eid35
- Product: bank-management-system-springboot
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-09
Who should care
Users of Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948 should be aware of this vulnerability and consider potential impacts on their systems.
Technical summary
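CVE-2026-11521 has a CVSS score of 2.1 and is classified as LOW severity. The vulnerability is caused by improper authorization in the Transaction Endpoint component. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. Read metric by metric, the vector describes an attack that is reachable over the network (AV:N), has low complexity (AC:L), requires low privileges (PR:L) and no user interaction (UI:N), and has low impact on the confidentiality, integrity and availability of the vulnerable system (VC:L/VI:L/VA:L) with no impact on subsequent systems (SC:N/SI:N/SA:N). E:P records proof-of-concept exploit maturity; the metrics set to X are not defined.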
Defensive priority
LOW
Recommended defensive actions
- Review the affected component (TransactionController.java) and update it so that the Transaction Endpoint enforces proper authorization.
- Because the project follows a rolling release approach and publishes no version details, track its repository and apply the latest updates as they become available.
- Monitor the project's response to the issue report for potential patches or updates.
Evidence notes
The vulnerability was detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. The exploit has been disclosed publicly and may be used.
Official resources
CVE-2026-11521 was published on 2026-06-08T15:16:44.000Z and modified on 2026-06-09T01:34:33.987Z.