Vulnerability in Neorazorx Facturascripts
CVE-2026-32699
FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser controller. Although the user interface prevent…
EPSS: 0.000 (3.6th percentile)
Affected products
- Neorazorx Facturascripts — versions <= 2025.92
Weakness classification (CWE)
Public proof-of-concept exploits
References
- https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-pp79-hqv6-vmc3 (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-32699?
- CVE-2026-32699 is a vulnerability in Neorazorx Facturascripts, classified under CWE-472. Published 2026-05-05.
- Is CVE-2026-32699 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.