CVE-2026-24612
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.
AnalysisAI
Orchid Store versions up to 1.5.15 contain an authorization bypass that allows unauthenticated remote attackers to access sensitive information due to improperly configured access controls. This vulnerability enables unauthorized users to read restricted data without requiring authentication or user interaction. No patch is currently available.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects themebeez Orchid Store orchid-store. Missing Authorization vulnerability in themebeez Orchid Store orchid-store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Orchid Store: from n/a through <= 1.5.15.
Affected ProductsAI
Product: themebeez Orchid Store orchid-store.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today