Skip to main content

CVE-2026-5599

| EUVD-2026-19085 HIGH
Improper Isolation or Compartmentalization (CWE-653)
2026-04-05 rami.io
Information Disclosure
7.3
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:06 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
02b9cbe5
EUVD ID Assigned
Apr 05, 2026 - 12:45 euvd
EUVD-2026-19085
Analysis Generated
Apr 05, 2026 - 12:45 vuln.today
CVE Published
Apr 05, 2026 - 12:36 nvd
HIGH 7.3

DescriptionNVD

A user with API access and "manage users" permission in any venueless world is able to trigger deletion of user accounts in other worlds.

AnalysisAI

Cross-world user deletion in venueless allows authenticated API users with 'manage users' permission in one world to delete user accounts in completely separate worlds. Venueless versions prior to commit 02b9cbe5 are affected. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Identify all venueless deployments and confirm current versions prior to commit 02b9cbe5. Within 7 days: Apply vendor-released patch to commit 02b9cbe5 or later across all affected instances; prioritize production multi-tenant environments. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-5599 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy