Vulnerabilities ›

CVE-2026-3263

Medium ⚡ Exploit Available

CWE-266 — Weakness Type

                    Published: Feb 26, 2026                      ·  Modified: Mar 5, 2026                      ·  Source: NVD                

CVSS v3

6.3

🔗 NVD Official

📄 Description (English)

A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.

🤖 AI Executive Summary

CVE-2026-3263 is an improper authorization vulnerability in go2ismail Asp.Net-Core-Inventory-Order-Management-System affecting the Security API endpoint /api/Security/, allowing remote attackers to manipulate authorization controls. The vulnerability impacts systems up to version 9.20250118 and the vendor has not provided patches or responses.

📄 Description (Arabic)

يؤثر هذا الضعف على نقطة نهاية Security API في نظام إدارة المخزون والطلبات go2ismail، مما يسمح بالتلاعب غير المصرح به بآليات التفويض. يمكن للمهاجمين البعيدين استغلال هذا الضعف للوصول إلى الموارد المحمية دون تفويض صحيح.

🤖 ملخص تنفيذي (AI)

This vulnerability affects the Security API in go2ismail's inventory management system, allowing unauthorized manipulation of authorization mechanisms through the /api/Security/ endpoint. Remote attackers can exploit this flaw without authentication to bypass access controls in affected versions.

🤖 AI Intelligence Analysis Analyzed: May 17, 2026 04:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: high

🏢 Affected Saudi Sectors

government banking energy healthcare

🎯 MITRE ATT&CK Techniques

T1078 T1548 T1556

⚖️ Saudi Risk Score (AI)

6.0

/ 10.0

🔧 Remediation Steps (English)

Immediately upgrade to a patched version beyond 9.20250118 if available; implement network-level access controls to restrict access to /api/Security/ endpoints; apply Web Application Firewall (WAF) rules to monitor and block suspicious authorization manipulation attempts; conduct security audit of all API endpoints; implement proper role-based access control (RBAC) and input validation.

🔧 خطوات المعالجة (العربية)

قم بالترقية الفورية إلى إصدار مصحح بعد 9.20250118 إن توفر؛ طبق عناصر تحكم الوصول على مستوى الشبكة لتقييد الوصول إلى نقاط نهاية /api/Security/؛ طبق قواعد جدار الحماية لتطبيقات الويب لمراقبة ومنع محاولات التلاعب بالتفويض؛ أجر تدقيق أمني لجميع نقاط النهاية؛ طبق التحكم في الوصول القائم على الأدوار والتحقق من صحة المدخلات.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

5.1.1 5.1.2 5.2.1

🔵 SAMA CSF

AC-2 AC-3 AC-6

🟡 ISO 27001:2022

A.9.1.1 A.9.2.1 A.9.2.5

🔗 References & Sources 4

🔗

https://github.com/Ghufran2/CVE-Asp.Net-Core-Inventory-Order-Management-System-Advisori...

cna@vuldb.com

Exploit Mitigation Third Party Advisory

🔗

https://vuldb.com/?ctiid.347986

cna@vuldb.com

Permissions Required VDB Entry

🔗

https://vuldb.com/?id.347986

cna@vuldb.com

Third Party Advisory VDB Entry

🔗

https://vuldb.com/?submit.758335

cna@vuldb.com

Third Party Advisory VDB Entry

📦 Affected Products / CPE 1 entries

go2ismail:asp.net-core-inventory-order-management-system

📊 CVSS Score

6.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score6.3

CWECWE-266

EPSS0.04%

Exploit ✓ Yes

Patch ✗ No

Published 2026-02-26

Source Feed nvd

🇸🇦 Saudi Risk Score

6.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

exploit-available CWE-266

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-3263

Introduce Yourself

Sign In Required