Vulnerabilities ›

CVE-2026-5228

High

CWE-284 — Weakness Type

                    Published: Jun 4, 2026                      ·  Modified: Jun 10, 2026                      ·  Source: NVD                

CVSS v3

8.8

🔗 NVD Official

📄 Description (English)

Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects WriteUp Mobile App: from 1.3.0 through 04062026.

🤖 AI Executive Summary

CVE-2026-5228 is an improper access control vulnerability in Kurt Software Studio WriteUp Mobile App versions 1.3.0 through 04062026 that allows unauthorized users to access restricted functionality. The vulnerability stems from missing authorization checks and inadequate ACL (Access Control List) constraints, potentially exposing sensitive features to unauthorized access.

📄 Description (Arabic)

تؤثر هذه الثغرة على تطبيق WriteUp Mobile من الإصدار 1.3.0 إلى 04062026 وتسمح بالوصول غير المصرح إلى الوظائف المقيدة. المشكلة تنشأ من غياب فحوصات التفويض المناسبة وقيود قوائم التحكم بالوصول الناقصة. قد يؤدي هذا إلى تعريض البيانات الحساسة والميزات المقيدة للوصول غير المصرح.

🤖 ملخص تنفيذي (AI)

This vulnerability in WriteUp Mobile App allows attackers to bypass authorization controls and access restricted functionality not properly protected by access control lists. Organizations using affected versions face risks of unauthorized data access and privilege escalation.

🤖 AI Intelligence Analysis Analyzed: Jun 9, 2026 01:32

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government banking telecom

🎯 MITRE ATT&CK Techniques

T1548 T1078 T1199

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Update WriteUp Mobile App to version 04062026 or later immediately. Conduct access control audits to verify ACL configurations. Implement principle of least privilege and enforce role-based access controls. Monitor application logs for unauthorized access attempts.

🔧 خطوات المعالجة (العربية)

قم بتحديث تطبيق WriteUp Mobile إلى الإصدار 04062026 أو أحدث فوراً. أجرِ تدقيقاً لمراجعة التحكم في الوصول والتحقق من إعدادات قوائم التحكم بالوصول. طبّق مبدأ الامتيازات الأقل وفرض التحكم في الوصول القائم على الأدوار. راقب سجلات التطبيق للكشف عن محاولات الوصول غير المصرح.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 AC-6

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.2.5

🔗 References & Sources 1

🔗

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0310

iletisim@usom.gov.tr

📊 CVSS Score

8.8

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.8

CWECWE-284

EPSS0.04%

Exploit No

Patch ✗ No

Published 2026-06-04

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-284

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-5228

Introduce Yourself

Sign In Required