CVE-2026-14753: Authorization Bypass in mjperpinosa stumasy
CVE-2026-14753 is an authorization bypass vulnerability in the mjperpinosa stumasy product affecting an unknown function in the /PHP/objects/notes file related to the Note Handler/Assignment Handler component. The vulnerability arises from manipulation of the assignment_item_id argument, allowing remote attackers to bypass authorization controls. The product uses continuous delivery with rolling releases, so no specific affected or fixed versions are identified. The vendor has not yet responded or provided a fix. The vulnerability has a CVSS 4.0 base score of 6.9 (medium severity).
AI Analysis
Technical Summary
This vulnerability in mjperpinosa stumasy up to commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be allows remote attackers to bypass authorization by manipulating the assignment_item_id parameter in an unknown function within the /PHP/objects/notes file, part of the Note Handler/Assignment Handler component. The exploit is publicly available. Due to the product's continuous delivery model with rolling releases, no explicit affected or fixed versions are provided. The vendor has not issued any advisory or patch at the time of this report.
Potential Impact
Successful exploitation allows an unauthenticated remote attacker to bypass authorization controls, potentially gaining unauthorized access to note or assignment data managed by the vulnerable component. The impact is limited to the confidentiality and integrity of the affected component's data. There is no indication of privilege escalation or system-wide compromise from the available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded or provided a fix, monitor official channels for updates. Until a patch is available, consider restricting access to the affected functionality or implementing additional access controls as a temporary mitigation.
CVE-2026-14753: Authorization Bypass in mjperpinosa stumasy
Description
CVE-2026-14753 is an authorization bypass vulnerability in the mjperpinosa stumasy product affecting an unknown function in the /PHP/objects/notes file related to the Note Handler/Assignment Handler component. The vulnerability arises from manipulation of the assignment_item_id argument, allowing remote attackers to bypass authorization controls. The product uses continuous delivery with rolling releases, so no specific affected or fixed versions are identified. The vendor has not yet responded or provided a fix. The vulnerability has a CVSS 4.0 base score of 6.9 (medium severity).
CVSS v4.0
Score 6.9medium
Affected software
cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in mjperpinosa stumasy up to commit 327d1b0f2915ba79d7ef8ebb74553e987609d9be allows remote attackers to bypass authorization by manipulating the assignment_item_id parameter in an unknown function within the /PHP/objects/notes file, part of the Note Handler/Assignment Handler component. The exploit is publicly available. Due to the product's continuous delivery model with rolling releases, no explicit affected or fixed versions are provided. The vendor has not issued any advisory or patch at the time of this report.
Potential Impact
Successful exploitation allows an unauthenticated remote attacker to bypass authorization controls, potentially gaining unauthorized access to note or assignment data managed by the vulnerable component. The impact is limited to the confidentiality and integrity of the affected component's data. There is no indication of privilege escalation or system-wide compromise from the available information.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vendor has not responded or provided a fix, monitor official channels for updates. Until a patch is available, consider restricting access to the affected functionality or implementing additional access controls as a temporary mitigation.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2026-07-04T15:50:27.016Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4ac58327e9c79719bd0981
Added to database: 07/05/2026, 20:58:43 UTC
Last enriched: 07/05/2026, 20:58:56 UTC
Last updated: 07/05/2026, 23:47:49 UTC
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.