Mikado-Themes Roam CVE-2026-22407
LOWSeverity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.
AnalysisAI
Mikado-Themes Roam through version 2.1.1 contains an authorization bypass vulnerability where attackers with valid user credentials can manipulate access control mechanisms to gain unauthorized access to sensitive functionality. This authentication-required vulnerability allows authenticated users to circumvent properly configured security levels through user-controlled parameters. No patch is currently available for this issue.
Technical ContextAI
Classified as CWE-639 (Authorization Bypass Through User-Controlled Key). Affects Mikado-Themes Roam roam. Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.
Affected ProductsAI
Product: Mikado-Themes Roam roam.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today