Close Menu
    Subscribe
    Alerts

    CVE-2026-11521 | THREATINT

    adminBy No Comments1 Min Read


    Home

    Description

    A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction Endpoint. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

    PUBLISHED Reserved 2026-06-07 | Published 2026-06-08 | Updated 2026-06-08 | Assigner VulDB

    MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

    MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

    MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

    6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

    Problem types

    Improper Authorization

    Incorrect Privilege Assignment

    Product status

    7b9bcc65ad7df3db29af71aed9bb500e5f24d948
    affected

    Timeline

    2026-06-07: Advisory disclosed
    2026-06-07: VulDB entry created
    2026-06-07: VulDB entry last update

    Credits

    wr0ld (VulDB User) reporter

    VulDB CNA Team coordinator

    References

    vuldb.com/vuln/369141 (VDB-369141 | Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization) vdb-entry

    vuldb.com/vuln/369141/cti (VDB-369141 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

    vuldb.com/cve/CVE-2026-11521 (CVE-2026-11521 | CVE Analysis and Report) third-party-advisory

    vuldb.com/submit/836452 (Submit #836452 | Mohammed-eid35 bank-management-system-springboot 1 Authentication Bypass by Primary Weakness) third-party-advisory

    github.com/…d35/bank-management-system-springboot/issues/8 exploit issue-tracking

    github.com/Mohammed-eid35/bank-management-system-springboot/ product

    cve.org (CVE-2026-11521)

    nvd.nist.gov (CVE-2026-11521)

    Download JSON



    Source link

    Share.

    Related Posts

    Add A Comment

    Comments are closed.