Back to overview

CVE-2026-15491

HIGH
7.3
CVSS 3.1
Description
A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.

Metadata

CVE ID
CVE-2026-15491
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-11 11:58 UTC
Published
2026-07-12 09:45 UTC
Last updated
2026-07-12 09:45 UTC
Primary CWE
CWE-306
Missing Authentication
Vendor / Product
RafyMrX / TOKO-ONLINE-ROTI
Sources
cve.org  ·  NVD

Severity & Metrics

7.3 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
Affected products (1)
VendorProductPlatformVersions
RafyMrX TOKO-ONLINE-ROTI ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99
Weakness (CWE)
CWESourceDescription
CWE-287 cna Improper Authentication
CWE-306 cna Missing Authentication
CVSS scores (4)
ScoreSeverityVersionSourceVector
7.5 N/D 2.0 cna AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR
7.3 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
7.3 HIGH 3.0 cna CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R
6.9 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X
References (4)
Back to overview