HIGH
OS4ED
CVE published 2026-06-11
CVE-2026-8406
CVE-2026-8406 is a high-severity vulnerability in openSIS Classic 9.3. The vulnerability is caused by an insecure direct object reference in the messaging module. An authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail_id value. The vulnerability has a CVSS score of 7.1 and is considered high severity. Th [truncated]