Theme-one The Grid CVE-2026-24368
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
AnalysisAI
Improper access control in Theme-one The Grid versions prior to 2.8.0 enables authenticated users to bypass authorization checks and gain unauthorized access to sensitive functionality. An attacker with valid credentials could exploit misconfigured security levels to read, modify, or delete data without proper permissions. No patch is currently available.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects Theme-one The Grid the-grid. Missing Authorization vulnerability in Theme-one The Grid the-grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Grid: from n/a through < 2.8.0.
Affected ProductsAI
Product: Theme-one The Grid the-grid.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today