PatchSiren

axelor CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH axelor CVE published 2026-07-16

CVE-2026-63085

CVE-2026-63085 is an authorization bypass vulnerability in Axelor Open Platform versions 8.x prior to 8.2.2. Authenticated non-admin users can escalate privileges by exploiting unenforced field restrictions on nested relational save operations. This vulnerability allows attackers to modify sensitive User record fields such as roles and group by submitting changes through a related entity's save path, bypa [truncated]