PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-3020 Wakyma CVE debrief

CVE-2026-3020 is an Identity-based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account. The vulnerability has a CVSS score of 8.6 and is classified as HIGH severity. The CVE record was published on 2026-03-16T14:19:45.150Z and was last modified on 2026-05-19T15:41:54.553Z. This vulnerability allows an attacker to change a victim's email address, validate the new email address, and request a new password, potentially allowing them to take complete control of other users' legitimate accounts. Organizations using the affected application, particularly those with high-security requirements, should prioritize patching this vulnerability to prevent potential account takeovers. Further investigation is needed to determine the specific products and versions affected by this vulnerability.

Vendor
Wakyma
Product
Wakyma Web Application
CVSS
HIGH 8.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-16
Original CVE updated
2026-05-19
Advisory published
2026-03-16
Advisory updated
2026-05-19

Who should care

Organizations using the affected application, particularly those with high-security requirements, should prioritize patching this vulnerability to prevent potential account takeovers.

Technical summary

The vulnerability is an IDOR that allows an attacker to change a victim's email address, validate the new email address, and request a new password, potentially allowing them to take complete control of other users' legitimate accounts. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

High priority should be given to patching this vulnerability due to its high CVSS score and potential impact on user account security.

Recommended defensive actions

  • Apply the vendor's official patch or mitigation as soon as available
  • Verify and validate user account changes to prevent unauthorized modifications
  • Implement additional monitoring and logging to detect potential exploitation attempts
  • Conduct a thorough review of user accounts for any suspicious activity
  • Consider implementing compensating controls, such as IP restrictions or multi-factor authentication

Evidence notes

The CVE record and NVD detail provide limited information about the affected application and vendor. Further investigation is needed to determine the specific products and versions affected by this vulnerability. The Incibe notice may provide additional context, but its relevance and detail are unclear.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-03-16T14:19:45.150Z and has not been modified since then. The NVD entry is currently Deferred.