CVE-2026-24541
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through <= 2.1.9.
AnalysisAI
Download After Email versions 2.1.9 and earlier contain a missing authorization vulnerability that allows unauthenticated remote attackers to bypass access control restrictions and gain unauthorized access to sensitive functionality. The vulnerability stems from improper validation of user permissions, enabling attackers on the network to read restricted information without authentication. No patch is currently available for this issue.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects mkscripts Download After Email download-after-email. Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download After Email: from n/a through <= 2.1.9.
Affected ProductsAI
Product: mkscripts Download After Email download-after-email.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today