PatchSiren

Sushmi-pal CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW | Sushmi-pal CVE | published 2026-05-25

CVE-2026-9410

A low-severity improper authorization vulnerability in Sushmi-pal Invoice-System allows authenticated remote attackers to manipulate the ID parameter in the /profile endpoint, potentially leading to unauthorized access within the Profile Workflow component. The vulnerability affects versions up to commit a0a3faa16dee2621b231ae227333f5761607283b. The vendor was contacted but did not respond, and exploit de [truncated]