MEDIUM
ArnasDon
CVE published 2026-06-08
CVE-2026-49141
CVE-2026-49141 is a medium-severity vulnerability in WACRM's automation engine, allowing authenticated attackers to access and modify contacts across tenant boundaries. The vulnerability exists due to a lack of tenant ownership verification in the POST request body, enabling attackers to supply an arbitrary caller-controlled contact_id and bypass row-level security.