Skip to main content

CVE-2026-27396

HIGH
Missing Authorization (CWE-862)
2026-03-05 audit@patchstack.com
7.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.3 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Re-analysis Queued
Apr 22, 2026 - 21:37 vuln.today
cvss_changed
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 05, 2026 - 06:16 nvd
HIGH 7.3

DescriptionCVE.org

Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.

AnalysisAI

Improper access control in e-plugins Directory Pro up to version 2.5.6 enables unauthenticated attackers to bypass authorization checks and gain unauthorized access to sensitive directory information. The vulnerability allows attackers to read, modify, or delete data depending on the misconfigured security levels without requiring authentication or user interaction. A patch is not currently available.

Technical ContextAI

Classified as CWE-862 (Missing Authorization). Affects e-plugins Directory Pro directory-pro. Missing Authorization vulnerability in e-plugins Directory Pro directory-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directory Pro: from n/a through <= 2.5.6.

Affected ProductsAI

Product: e-plugins Directory Pro directory-pro.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Share

CVE-2026-27396 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy