Vulnerabilities ›

CVE-2026-8046

High

CWE-863 — Weakness Type

                    Published: May 26, 2026                      ·  Modified: Jun 2, 2026                      ·  Source: NVD                

CVSS v3

8.1

🔗 NVD Official

📄 Description (English)

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.

🤖 AI Executive Summary

CVE-2026-8046 is an authorization bypass vulnerability allowing authenticated low-privileged users to delete other user accounts including administrators. This affects multiple products with CVSS score 8.1, enabling privilege escalation and account takeover attacks.

📄 Description (Arabic)

يسمح هذا الضعف للمستخدمين المصرح لهم بمستويات امتياز منخفضة بتجاوز فحوصات التفويض وحذف حسابات المستخدمين الآخرين بما في ذلك المسؤولين. تواجه المنظمات التي تستخدم المنتجات المتأثرة مخاطر حذف الحسابات غير المصرح به والتعرض المحتمل للنظام.

🤖 ملخص تنفيذي (AI)

This vulnerability allows authenticated users with low privileges to bypass authorization checks and delete other user accounts including those with higher privileges. Organizations using affected products face risks of unauthorized account deletion and potential system compromise.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 06:16

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

banking telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1531 T1078 T1087

⚖️ Saudi Risk Score (AI)

8.0

/ 10.0

🔧 Remediation Steps (English)

Apply vendor security patches immediately. Implement role-based access control (RBAC) with strict authorization checks for account deletion operations. Conduct access control audits and enforce principle of least privilege. Monitor and log all account deletion activities. Restrict account deletion permissions to authorized administrators only.

🔧 خطوات المعالجة (العربية)

تطبيق تصحيحات الأمان من المورد فوراً. تنفيذ التحكم في الوصول القائم على الأدوار مع فحوصات التفويض الصارمة لعمليات حذف الحسابات. إجراء تدقيق التحكم في الوصول وفرض مبدأ الامتياز الأدنى. مراقبة وتسجيل جميع أنشطة حذف الحسابات. تقييد أذونات حذف الحسابات للمسؤولين المصرح لهم فقط.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 AC-6

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.2.5

🔗 References & Sources 1

🔗

https://www.certvde.com/en/advisories/VDE-2026-056/

info@cert.vde.com

📊 CVSS Score

8.1

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score8.1

CWECWE-863

EPSS0.10%

Exploit No

Patch ✗ No

Published 2026-05-26

Source Feed nvd

🇸🇦 Saudi Risk Score

8.0

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-863

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-8046

Introduce Yourself

Sign In Required