Auth bypass in Wakyma Application Web

CVE-2026-3020

Identity based authorization bypass vulnerability (IDOR) that allows an attacker to modify the data of a legitimate user account, such as changing the victim's email address, validating the new email address, and requesting a new password…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.

Affected products

Wakyma Application Web — versions all versions

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

cve-coordination@incibe.es (patch)