CVE Catalog
CVE-2026-40768
HighCVSS 7.3Summary
The salon booking system versions up to 10.30.24 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.
Risk Assessment
The organization may be exposed to unauthorized access to user data and resources, potentially leading to information leaks and privacy violations.
Recommendation
It is recommended to update the salon booking system to the latest version to mitigate this vulnerability and implement appropriate authorization mechanisms.
Original NVD description (English source)
Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.

