CVE-2026-13549

EUVD-2026-40051
A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results in authorization bypass. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulDBCNA
5.4 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
codeastrocomplaint_management_system
1.0
CNA
Common Weakness Enumeration
References
https://codeastro.com/
https://github.com/ashikmd0507/CVE/tree/main/Unauthenticated%20Arbitrary%20Report%20%26%20File%20Deletion
https://vuldb.com/cve/CVE-2026-13549
https://vuldb.com/submit/843260
https://vuldb.com/vuln/374557
https://vuldb.com/vuln/374557/cti