CVE-2026-13549 | A security flaw has been discovered in CodeAstro Complaint M… | CVSS 5.4 MEDIUM

Description

A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Metadata

CVE ID: CVE-2026-13549
State: PUBLISHED
Assigner: VulDB
Reserved: 2026-06-28 11:02 UTC
Published: 2026-06-29 08:00 UTC
Last updated: 2026-06-29 10:33 UTC
Primary CWE: CWE-639
Authorization Bypass
Vendor / Product: CodeAstro / Complaint Management System
Sources: cve.org · NVD

Severity & Metrics

5.4 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
CodeAstro	Complaint Management System	—	1.0

Weakness (CWE)

CWE	Source	Description
CWE-285	cna	Improper Authorization
CWE-639	cna	Authorization Bypass

CVSS scores (4)

Score	Severity	Version	Source	Vector
6.4	N/D	2.0	cna	AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:ND/RC:UR
5.4	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
5.4	MEDIUM	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L/E:P/RL:X/RC:R
5.3	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

References (6)

VDB-374557 | CodeAstro Complaint Management System Report Endpoint Report.php deletereport authorization https://vuldb.com/vuln/374557
VDB-374557 | CTI Indicators (IOB, IOC, IOA) https://vuldb.com/vuln/374557/cti
CVE-2026-13549 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-13549
Submit #843260 | CodeAstro Complaint Management System v1.0 Insecure Direct Object Reference (IDOR) https://vuldb.com/submit/843260
https://github.com/ashikmd0507/CVE/tree/main/Unauthenticated%20Arbitrary%20Report%20%26%20File%20Deletion
https://codeastro.com/