CVE Catalog
CVE-2026-57652
MediumCVSS 5.3Summary
An IDOR vulnerability in JS Help Desk versions up to 3.1.0 allows an unauthenticated attacker to directly access objects such as tickets or customer data by manipulating request parameters.
Risk Assessment
The risk involves unauthorized reading, modification, or deletion of sensitive helpdesk data without authentication, potentially leading to information disclosure and confidentiality breaches.
Recommendation
It is recommended to immediately upgrade JS Help Desk to a version newer than 3.1.0 and implement authorization and access validation mechanisms for objects.
Original NVD description (English source)
Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.

