What is CVE-2021-26598?

CVE-2021-26598 is a vulnerability in N/a. Published 2022-03-28.

Is CVE-2021-26598 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-26598

ImpressCMS before 1.4.3 has Incorrect Access Control because include/findusers.php allows access by unauthenticated attackers (who are, by design, able to have a security token).

EPSS: 0.761 (98.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

hackerone.com/reports/1081137 (x_refsource_MISC)
packetstormsecurity.com/files/166403/ImpressCMS-1.4.2-Incorrect-Access-Control… (x_refsource_MISC)
karmainsecurity.com/KIS-2022-03 (x_refsource_MISC)
seclists.org/fulldisclosure/2022/Mar/45 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-26598?: CVE-2021-26598 is a vulnerability in N/a. Published 2022-03-28.
Is CVE-2021-26598 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.