PatchSiren cyber security CVE debrief
CVE-2026-40795 TMS CVE debrief
A Subscriber Broken Access Control vulnerability was found in versions <= 2.2 of the Amelia plugin. This issue has a CVSS score of 6.5, indicating MEDIUM severity. The vulnerability was published on 2026-06-15 and last modified on 2026-06-15.
- Vendor: TMS
- Product: Amelia
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of the Amelia plugin, particularly those using versions <= 2.2, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is described as a Subscriber Broken Access Control issue in the Amelia plugin. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N, indicating that the vulnerability can be exploited over the network with low privileges required.
Defensive priority
MEDIUM
Recommended defensive actions
- Update the Amelia plugin to a version greater than 2.2.
- Review and restrict access controls for subscribers in the Amelia plugin.
Evidence notes
The vulnerability was reported by [email protected] and is referenced in the NVD database.
Official resources
- CVE-2026-40795 CVE record (CVE.org)
- CVE-2026-40795 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-40795 was published on 2026-06-15T21:16:51.907Z and last modified on 2026-06-15T21:24:32.790Z.