Threats Tagged 'cve-2026-58448'
View all threats tagged with 'cve-2026-58448'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-58448'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-58448: Missing Authorization in YunaiV yudao-cloudCVE-2026-58448 0 yudao-cloud before 2026.06 contains a broken access control vulnerability in the BPM module that allows any authenticated user to access arbitrary process instance records by supplying a caller-controlled process-instance identifier to an unprotected endpoint lacking the @PreAuthorize annotation. Attackers can query any process-instance identifier through the unguarded GET endpoint to read sensitive workflow data including submitted form variables, approver identities, approval and rejection comments, and process BPMN XML without ownership or tenant party verification. Join the discussion | CVE Database V5 | 06/30/2026, 21:06:21 UTC Added: 06/30/2026, 21:36:47 UTC |
Showing 1 to 1 of 1 result