CVE Catalog

CVE-2026-29204

Critical
Published: Translated: NVD NIST

Summary

Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the victim's account.

Risk Assessment

The organization may be exposed to unauthorized access to user accounts, potentially leading to data breaches or unauthorized actions on accounts.

Recommendation

It is recommended to implement proper ownership verification mechanisms for all operations related to `addonId` to prevent unauthorized access.

Original NVD description (English source)

Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the victim's account.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS