Auth bypass in Roskus Prospero Flow Crm
CVE-2026-59236
Authorization Bypass Through User-Controlled Key (CWE-639) in the Excel import handlers (CustomerImport, LeadImport, ProductImport) in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to cre…
Vulnerability class: IDOR (Insecure Direct Object Reference)
Affected products
- Roskus Prospero Flow Crm — versions 1.0.0
Weakness classification (CWE)
References
- 4daa8cea-433a-44bd-9456-53b127fc289a (patch)
- 4daa8cea-433a-44bd-9456-53b127fc289a (release-notes)
- 4daa8cea-433a-44bd-9456-53b127fc289a (technical-description)