HIGH
axelor
CVE published 2026-07-16
CVE-2026-63085
CVE-2026-63085 is an authorization bypass vulnerability in Axelor Open Platform versions 8.x prior to 8.2.2. Authenticated non-admin users can escalate privileges by exploiting unenforced field restrictions on nested relational save operations. This vulnerability allows attackers to modify sensitive User record fields such as roles and group by submitting changes through a related entity's save path, bypa [truncated]