Auth bypass in MyComplianceOffice MCO

CVE-2026-53902

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privil…
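For detection, the following added example (not code from the vendor or the advisory) scans web access logs for successful state-changing requests to the affected endpoint made by accounts that are not expected to manage group membership. It assumes Common Log Format with the authenticated user in the third field; the HTTP method is not named in the advisory, so all write methods are checked, and the `authorized_users` set and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Endpoint path taken from the advisory text.
ENDPOINT = "/customer/servlet/mco/webapi/profile-sections/group-membership"
# Assumption: the advisory does not name the HTTP method, so every
# state-changing method is treated as a possible membership change.
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def normalize_path(target):
    """Drop the query string, servlet path parameters (;jsessionid=...)
    and any trailing slash so variant spellings of the path still match."""
    path = unquote(urlsplit(target).path)
    segments = [seg.split(";", 1)[0] for seg in path.split("/")]
    return "/".join(segments).rstrip("/")

def flag_membership_changes(log_lines, authorized_users):
    """Return (time, user, method, status) for each successful write to the
    endpoint by a user outside authorized_users (hypothetical allowlist)."""
    findings = []
    for line in log_lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line
        path = normalize_path(m["target"])
        if path != ENDPOINT and not path.startswith(ENDPOINT + "/"):
            continue
        if m["method"] not in WRITE_METHODS or not m["status"].startswith("2"):
            continue  # reads and rejected requests changed nothing
        if m["user"] not in authorized_users:
            findings.append((m["time"], m["user"], m["method"], m["status"]))
    return findings

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = [
    f'10.0.0.5 - admin1 [12/Mar/2026:10:00:01 +0000] "PUT {ENDPOINT} HTTP/1.1" 200 64',
    f'10.0.0.9 - jdoe [12/Mar/2026:10:02:13 +0000] "GET {ENDPOINT} HTTP/1.1" 200 512',
    f'10.0.0.9 - jdoe [12/Mar/2026:10:02:40 +0000] "PUT {ENDPOINT};jsessionid=ABC?x=1 HTTP/1.1" 200 64',
    f'10.0.0.7 - asmith [12/Mar/2026:10:05:02 +0000] "POST {ENDPOINT}/ HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for finding in flag_membership_changes(SAMPLE_LOG, {"admin1"}):
        print(finding)
```

Each finding should be compared against the application's own record of group-membership changes for that account.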
