Back to overview

CVE-2026-35552

Description
In CAXperts UPVWebServices 2.4.2212.603 through 2.7.6 and UDiTH Portal 2026.0.0 through 2026.2.0, an authenticated remote user can invoke an administrative API endpoint intended for privileged users. Due to missing authorization checks, this allows the attacker to deactivate the application's license.

Metadata

CVE ID
CVE-2026-35552
State
PUBLISHED
Assigner
mitre
Reserved
2026-04-03 00:00 UTC
Published
2026-07-08 00:00 UTC
Last updated
2026-07-08 21:52 UTC
Vendor / Product
n/a / n/a
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
n/a n/a n/a
Weakness (CWE)
CWESourceDescription
cna n/a
Back to overview