CVE-2026-11521

6.3 MEDIUM

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24...

Published: 2026-06-08 · Last updated: 2026-06-09

Severity and scoring

CVSS: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-266, CWE-285

Description

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction Endpoint. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-47342 — A privilege escalation vulnerability in Apache OFBiz allows a low-privileged authenticated user to obtain higher privileges This issue...
CVE-2026-46668 — SpiceDB is an open source database system for creating and managing security-critical application permissions
CVE-2026-47298 — Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network (8.0 HIGH)
CVE-2026-45503 — Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to disclose information over a network (8.1 HIGH)
CVE-2026-45490 — Improper authorization in .NET allows an authorized attacker to elevate privileges locally (7.8 HIGH)