CVE-2026-23974
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.
AnalysisAI
Uxper Golo versions prior to 1.7.5 contain an access control bypass that allows authenticated attackers to exploit improperly configured security levels to gain unauthorized access to sensitive functions and data. An attacker with valid credentials can leverage this missing authorization check to escalate privileges and perform administrative actions without proper permission validation. No patch is currently available for this high-severity vulnerability (CVSS 8.8).
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects uxper Golo golo. Missing Authorization vulnerability in uxper Golo golo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Golo: from n/a through < 1.7.5.
Affected ProductsAI
Product: uxper Golo golo.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today