PatchSiren cyber security CVE debrief
CVE-2026-11336 tittuvarghese CVE debrief
CVE-2026-11336 is an improper authorization vulnerability in the College Management System. Affected is an unknown function of the file dashboard_page/admin_page.php of the component Admin Interface. The manipulation of the argument UserAuthData leads to improper authorization. The attack may be initiated remotely.
- Vendor: tittuvarghese
- Product: CollegeManagementSystem
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-09
Who should care
Administrators and users of the College Management System should be aware of this vulnerability and take necessary actions to mitigate it.
Technical summary
The vulnerability is caused by improper authorization in the College Management System. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
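Most metrics in the vector above are left at X (Not Defined). The following added example, which is not part of the original advisory, parses a CVSS 4.0 vector string and keeps only the metrics that are actually set; the function and table names are illustrative.

```python
# Added example: reduce a CVSS v4.0 vector to the metrics that are actually set.
# Function and table names are illustrative, not taken from any CVSS library.
BASE = ["AV", "AC", "AT", "PR", "UI", "VC", "VI", "VA", "SC", "SI", "SA"]

# Readable labels for the metrics this advisory's vector sets (subset of the spec).
LABELS = {
    "AV": {"N": "Network", "A": "Adjacent", "L": "Local", "P": "Physical"},
    "AC": {"L": "Low", "H": "High"},
    "AT": {"N": "None", "P": "Present"},
    "PR": {"N": "None", "L": "Low", "H": "High"},
    "UI": {"N": "None", "P": "Passive", "A": "Active"},
    "E": {"A": "Attacked", "P": "Proof-of-Concept", "U": "Unreported"},
}
IMPACT = {"H": "High", "L": "Low", "N": "None"}
LABELS.update({m: IMPACT for m in ("VC", "VI", "VA", "SC", "SI", "SA")})


def parse_cvss4(vector):
    """Return {metric: value} for every metric not left at X (Not Defined)."""
    prefix, _, rest = vector.partition("/")
    if prefix != "CVSS:4.0" or not rest:
        raise ValueError("not a CVSS v4.0 vector")
    metrics = {}
    for part in rest.split("/"):
        name, sep, value = part.partition(":")
        if not sep or not name or not value:
            raise ValueError(f"malformed metric: {part!r}")
        if name in metrics:
            raise ValueError(f"duplicate metric: {name}")
        metrics[name] = value
    missing = [m for m in BASE if m not in metrics]
    if missing:
        raise ValueError(f"missing base metrics: {missing}")
    return {k: v for k, v in metrics.items() if v != "X"}


def describe(metrics):
    """Expand abbreviations; metrics or values without a label pass through."""
    return {k: LABELS.get(k, {}).get(v, v) for k, v in metrics.items()}


# Vector copied from this advisory's technical summary.
ADVISORY_VECTOR = (
    "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/"
    "CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/"
    "S:X/AU:X/R:X/V:X/RE:X/U:X")

if __name__ == "__main__":
    for metric, label in describe(parse_cvss4(ADVISORY_VECTOR)).items():
        print(f"{metric}: {label}")
```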
Defensive priority
Low
Recommended defensive actions
- Apply updates or patches as soon as they are available.
- Monitor the system for suspicious activity.
- Restrict access to the Admin Interface.
Evidence notes
The vulnerability was disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Official resources
CVE-2026-11336 was published on 2026-06-05T16:16:41.077Z and modified on 2026-06-09T17:17:00.583Z.