Skip to main content

Textmetrics CVE-2026-32331

| EUVDEUVD-2026-11806 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

4
CVSS changed
Apr 29, 2026 - 10:22 NVD
4.3 (MEDIUM) 5.4 (MEDIUM)
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11806
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:41 nvd
MEDIUM 4.3

DescriptionCVE.org

Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Textmetrics: from n/a through <= 3.6.4.

AnalysisAI

Improper access control in Textmetrics up to version 3.6.4 allows authenticated users to modify data they should not have permission to access. An attacker with valid credentials can exploit misconfigured security levels to perform unauthorized modifications. No patch is currently available for this vulnerability.

Technical ContextAI

This vulnerability represents a failure in the authorization layer of Textmetrics webtexttool, classified under CWE-862 (Missing Authorization). The affected product is Israpil Textmetrics, a text analysis and metrics tool, with versions from an unspecified baseline through version 3.6.4 vulnerable to access control bypass. The root cause lies in insufficient verification of user privileges before permitting state-changing operations; the application likely fails to properly validate role-based access control (RBAC) or attribute-based access control (ABAC) policies on sensitive endpoints. This is distinct from authentication bypass—the user must already be logged in—but represents a horizontal or vertical privilege escalation where the application trusts authenticated users to self-enforce authorization rather than enforcing it server-side.

RemediationAI

Upgrade Israpil Textmetrics to a patched version above 3.6.4 immediately. Contact Israpil support or monitor their security advisories for the availability of version 3.6.5 or later. As an interim mitigation, restrict network access to the webtexttool application to trusted IP ranges and internal networks only; enforce network segmentation to limit which authenticated users can reach the application. Additionally, implement comprehensive audit logging of all state-changing operations performed via the webtexttool and review access logs for unauthorized modifications. Consider deploying a reverse proxy or Web Application Firewall (WAF) in front of the application to monitor for suspicious authorization-bypass patterns, and enforce multi-factor authentication (MFA) for all Textmetrics user accounts to reduce risk from compromised credentials.

Share

CVE-2026-32331 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy