Auth bypass in Roskus Prospero Flow Crm

CVE-2026-59236

Authorization Bypass Through User-Controlled Key (CWE-639) in the Excel import handlers (CustomerImport, LeadImport, ProductImport) in Roskus Prospero Flow CRM before 5.14.0 allows a remote, authenticated user of any role or company to cre…

Vulnerability class: IDOR (Insecure Direct Object Reference)

Affected products

Weakness classification (CWE)

References