Flexcity
CVE-2026-1619
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Lifecycle Timeline
2DescriptionCVE.org
Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
AnalysisAI
Flexcity versions up to 1.0.36. is affected by authorization bypass through user-controlled key (CVSS 8.3).
Technical ContextAI
This vulnerability (CWE-639: Authorization Bypass Through User-Controlled Key) affects Flexcity. Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Flexcity versions before 1.0.36 contain an authentication bypass vulnerability that allows authenticated users to escala
Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today