CVE-2026-27387
MEDIUMSeverity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.
AnalysisAI
Improper access control in designinvento DirectoryPress up to version 3.6.26 allows authenticated users to modify data and cause service disruptions through misconfigured security levels. An attacker with valid credentials can exploit this vulnerability to manipulate application integrity and availability without requiring user interaction. No patch is currently available for this medium-severity vulnerability.
Technical ContextAI
Classified as CWE-862 (Missing Authorization). Affects designinvento DirectoryPress directorypress. Missing Authorization vulnerability in designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.26.
Affected ProductsAI
Product: designinvento DirectoryPress directorypress.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today