Skip to main content

Vw Pet Shop CVE-2026-32435

| EUVDEUVD-2026-11973 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11973
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in vowelweb VW Pet Shop vw-pet-shop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Pet Shop: from n/a through <= 1.4.7.

AnalysisAI

VW Pet Shop through version 1.4.7 contains an authorization bypass vulnerability that allows unauthenticated remote attackers to modify data due to improperly configured access controls. An attacker can exploit this to alter information within the application without requiring authentication or user interaction. Currently, no patch is available for this vulnerability.

Technical ContextAI

The vulnerability stems from CWE-862 (Missing Authorization), a fundamental access control flaw where the VW Pet Shop application fails to properly validate that users have explicit permission to perform sensitive operations. The affected product is vowelweb VW Pet Shop (CPE identifier: cpe:2.3:a:vowelweb:vw_pet_shop), an e-commerce or pet management platform. The root cause appears to be inadequately configured security levels in authorization logic, likely affecting administrative or state-modifying endpoints. Rather than a protocol or cryptographic weakness, this is an application-layer authorization bypass where request validation mechanisms either don't exist or are circumvented by directly accessing protected resources without proper role-based or attribute-based access control checks.

RemediationAI

Immediately upgrade vowelweb VW Pet Shop to a version beyond 1.4.7 once a patched release is available from the vendor. Until patching is complete, implement network-level access controls to restrict access to VW Pet Shop to trusted internal networks or known IP ranges, and deploy a Web Application Firewall (WAF) with rules to block unauthorized access to sensitive endpoints identified in your application audit. Additionally, review and enforce strict role-based access control (RBAC) or attribute-based access control (ABAC) policies within the application configuration, and consider temporarily disabling or rate-limiting sensitive administrative endpoints if they are not actively required. Monitor application logs for unauthorized modification attempts and audit all recent changes to critical data to identify if the vulnerability was previously exploited.

Share

CVE-2026-32435 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy