CVE Catalog

CVE-2026-54810

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

Nexi Payments Nexi XPay has a missing authorization vulnerability that allows exploiting incorrectly configured access control security levels.

Risk Assessment

Organizations may be exposed to unauthorized access to sensitive data or system functions, potentially leading to serious security breaches.

Recommendation

It is recommended to review and improve the configuration of access control security levels in Nexi XPay to ensure proper user authorization.

Original NVD description (English source)

Missing Authorization vulnerability in Nexi Payments Nexi XPay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nexi XPay: from n/a through 8.3.1.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS