CVE Catalog

CVE-2026-40768

HighCVSS 7.3
Published: Updated: Translated: NVD NIST

Summary

The salon booking system versions up to 10.30.24 are vulnerable to unauthenticated Insecure Direct Object References (IDOR). This allows attackers to access resources they should not have access to.

Risk Assessment

The organization may be exposed to unauthorized access to user data and resources, potentially leading to information leaks and privacy violations.

Recommendation

It is recommended to update the salon booking system to the latest version to mitigate this vulnerability and implement appropriate authorization mechanisms.

Original NVD description (English source)

Unauthenticated Insecure Direct Object References (IDOR) in Salon booking system <= 10.30.24 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS