
Description

The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges.

PUBLISHED Reserved 2026-05-06 | Published 2026-05-26 | Updated 2026-05-26 | Assigner CERTVDE




HIGH: 7.2 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

HIGH: 8.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Problem types

CWE-863 Incorrect Authorization

Product status

Default status
unaffected

3.0.0.0 (semver) before 3.5.22.20
affected

Default status
unaffected

3.0.0.0 (semver) before 3.5.22.20
affected

Default status
unaffected

3.0.0.0 (semver) before 3.5.22.20
affected

Default status
unaffected

3.0.0.0 (semver) before 3.5.22.20
affected

Default status
unaffected

3.0.0.0 (semver) before 3.5.22.20
affected

Default status
unaffected

3.0.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

3.0.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

3.0.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

3.0.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

3.0.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

3.0.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

3.0.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

3.0.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

3.0.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

3.0.0.0 (semver) before 4.21.0.0
affected

Default status
unaffected

3.0.0.0 (semver) before 4.21.0.0
affected

Credits

ABB AG (finder)

References

www.certvde.com/en/advisories/VDE-2026-056/

cve.org (CVE-2026-8046)

nvd.nist.gov (CVE-2026-8046)
