CVE Catalog

CVE-2026-38807

High
Published: Translated: NVD NIST

Summary

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component.

Risk Assessment

The organization may be exposed to unauthorized access to sensitive data or system functions, potentially leading to serious security breaches.

Recommendation

It is recommended to update to the latest version of kvf-admin and review permissions in the system to minimize the risk of privilege escalation.

Original NVD description (English source)

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component

Vulnerability data from NVD (NIST) · CISA KEV · EPSS