CVE Catalog

CVE-2026-57652

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Summary

An IDOR vulnerability in JS Help Desk versions up to 3.1.0 allows an unauthenticated attacker to directly access objects such as tickets or customer data by manipulating request parameters.

Risk Assessment

The risk involves unauthorized reading, modification, or deletion of sensitive helpdesk data without authentication, potentially leading to information disclosure and confidentiality breaches.

Recommendation

It is recommended to immediately upgrade JS Help Desk to a version newer than 3.1.0 and implement authorization and access validation mechanisms for objects.

Original NVD description (English source)

Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS