PatchSiren cyber security CVE debrief
CVE-2026-11519 SourceCodester CVE debrief
A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
- Vendor
- SourceCodester
- Product
- Inventory System
- CVSS
- LOW 2.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-08
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-08
- Advisory updated
- 2026-06-09
Who should care
Users of SourceCodester Inventory System 1.0 should apply patches or mitigations as soon as possible to prevent exploitation of this vulnerability.
Technical summary
The vulnerability has a CVSS score of 2.1 and is classified as LOW severity. It is related to CWE-266 and CWE-285.
Defensive priority
LOW
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to the affected file /Product_Inventory/api/users_handler.php.
- Monitor the system for suspicious activity.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd] respectively. Additional information can be found at [ref-4], [ref-5], [ref-6], [ref-7], and [ref-8].
Official resources
CVE-2026-11519 was published on 2026-06-08T15:16:43.610Z and modified on 2026-06-09T01:34:33.987Z.