Skip to main content

Theme-one The Grid CVE-2026-24368

MEDIUM
Missing Authorization (CWE-862)
2026-01-22 audit@patchstack.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Severity Changed
Apr 23, 2026 - 15:43 NVD
HIGH MEDIUM
CVSS changed
Apr 23, 2026 - 15:43 NVD
8.8 (HIGH) 5.3 (MEDIUM)
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 22, 2026 - 17:16 nvd
HIGH 8.8

DescriptionCVE.org

Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.

AnalysisAI

Improper access control in Theme-one The Grid versions prior to 2.8.0 enables authenticated users to bypass authorization checks and gain unauthorized access to sensitive functionality. An attacker with valid credentials could exploit misconfigured security levels to read, modify, or delete data without proper permissions. No patch is currently available.

Technical ContextAI

Classified as CWE-862 (Missing Authorization). Affects Theme-one The Grid the-grid. Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.

Affected ProductsAI

Product: Theme-one The Grid the-grid.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-24368 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy