Vulnerabilities

Report: Latest: CVE-2026-35476 - InvenTree Affected by Privilege Escalation via API

2026-04-08 0 views admin

CVE ID :CVE-2026-35476 Published : April 8, 2026, 8:16 p.m. | 18 minutes ago Description :InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, a non-staff authenticated user can elevate their account to a staff level via a POST request against their user account endpoint. The write permissions on the API endpoint are improperly configured, allowing any user to change their staff status. This vulnerability is fixed in 1.2.7 and 1.3.0. Severity: 7.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-35476

Severity

HIGH

Published

April 8, 2026

🏷️ Tags

reportlatest35476inventreeaffectedprivilegeescalationpublishedcverce

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: Latest: CVE-2026-35476 - InvenTree Affected by Privilege Escalation via API

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-39844 - NiceGUI has a Path Traversal in NiceGUI Upload Filename on Windows via Backslash

Report: CVE-2026-5803 - bigsk1 openai-realtime-ui API Proxy Endpoint server.js server-side request forgery - 2025 Update

Report: CVE-2026-39429 - kcp's cache server is accessible without authentication or authorization checks

Report: CVE-2026-23869 - React Server Components Denial of Service Vulnerability

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting