CVE Catalog

CVE-2026-27433

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

17th percentile — higher than 17% of all known CVEs

Summary

The Motors plugin versions up to 5.6.80 contain an unauthenticated broken access control vulnerability. An attacker without authentication can bypass security measures and gain unauthorized access to functions or data.

Risk Assessment

The risk involves unauthorized access to sensitive functions or data without requiring login, potentially leading to confidentiality and integrity breaches.

Recommendation

Immediately update the Motors plugin to version 5.6.81 or later, which fixes this vulnerability. Also review the access control configuration in the system.

Original NVD description (English source)

Unauthenticated Broken Access Control in Motors <= 5.6.80 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS