Skip to main content

DijiDemi CVE-2026-6008

| EUVD-2026-30270 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-05-14 TR-CERT GHSA-6pgg-77xr-rqqp
Authentication Bypass
6.8
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
May 14, 2026 - 13:17 vuln.today
CVE Published
May 14, 2026 - 12:24 nvd
MEDIUM 6.8

DescriptionNVD

Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse.

This issue affects DijiDemi: from v4.5.12.1 before v4.5.13.0.

AnalysisAI

Authorization bypass in DijiDemi v4.5.12.1 through v4.5.13.0 allows authenticated high-privilege users to escalate permissions through user-controlled cryptographic key manipulation. An attacker with high privileges can abuse the authorization mechanism by controlling session or authentication keys, bypassing intended access restrictions and potentially modifying data or executing unauthorized operations, though exploitation requires user interaction and high-privilege account access.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-6008 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy