Threats Tagged 'cve-2026-40350'
View all threats tagged with 'cve-2026-40350'. Filter and sort to focus on specific types of threats.
CVE-2026-40350: CWE-863: Incorrect Authorization in leepeuker movary

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can access the user-management endpoints `/settings/users` and use them to enumerate all users and create a new administrator account. This happens because the route definitions do not enforce admin-only middleware, and the controller-level authorization check uses a broken boolean condition. As a result, any user with a valid web session cookie can reach functionality that should be restricted to administrators. Version 0.71.1 patches the issue.

CVE Database V5 | 04/18/2026, 00:07:33 UTC | Added: 04/18/2026, 01:08:07 UTC