Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Network-reachable IDOR needing only a low-privileged account (PR:L) and no interaction; user-controlled key grants full cross-account read/write, so C/I/A all High.
Primary rating from Vendor (TR-CERT).
CVSS VectorVendor: TR-CERT
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Authorization bypass through User-Controlled key vulnerability in Adam Retail Automation Ltd. MobilMen 20T allows Privilege Escalation.
This issue affects MobilMen 20T: from v3 through 10072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Privilege escalation in Adam Retail Automation's MobilMen 20T (versions v3 through build 10072026) lets an authenticated low-privileged user manipulate a user-controlled key (CWE-639) to access resources or actions belonging to other, higher-privileged accounts. The flaw carries CVSS 8.8 and was reported by Turkey's national CERT (TR-CERT), but no public exploit identified at time of analysis and it is not in CISA KEV. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated session on MobilMen 20T (CVSS PR:L - a valid low-privileged account is a prerequisite, obtainable via insider access, credential theft, or self-registration if enabled), reachable over the network (AV:N) with low attack complexity and no user interaction (AC:L/UI:N). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are moderately consistent but incomplete. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who holds or acquires a low-privileged MobilMen 20T account (for example a basic field-sales login) intercepts an application request and swaps the user- or object-identifier parameter for that of an administrator or another tenant. Because the server trusts the client-supplied key, the request executes with the target's privileges, granting the attacker elevated access to read, modify, or disrupt data. … |
| Remediation | No vendor-released patch identified at time of analysis, and the vendor did not respond to disclosure, so a fixed version cannot be cited. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all MobilMen 20T deployments and identify which staff have low-privilege account access. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Mobilmen 20T
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42959
GHSA-8jm8-xjp3-35hq