CRITICAL
Creartia Internet Consulting
CVE published 2026-05-18
CVE-2026-4320
CVE-2026-4320 is a critical authorization bypass in Creartia ICMS. According to the NVD record and the referenced INCIBE advisory, an attacker may be able to manipulate HTTP redirect headers during the login flow so the script continues running, leading to unauthorized access to protected features and privilege escalation without needing credentials.