Loading market data...
← Back to CVE feed

CVE-2026-35552

HIGH CVSS 8.1 View on NVD ↗

Description

In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's license.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Published: Jul 08, 2026 22:17 UTC Modified: Jul 09, 2026 16:16 UTC