Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
4DescriptionCVE.org
Missing Authorization vulnerability in Israpil Textmetrics webtexttool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Textmetrics: from n/a through <= 3.6.4.
AnalysisAI
Improper access control in Textmetrics up to version 3.6.4 allows authenticated users to modify data they should not have permission to access. An attacker with valid credentials can exploit misconfigured security levels to perform unauthorized modifications. No patch is currently available for this vulnerability.
Technical ContextAI
This vulnerability represents a failure in the authorization layer of Textmetrics webtexttool, classified under CWE-862 (Missing Authorization). The affected product is Israpil Textmetrics, a text analysis and metrics tool, with versions from an unspecified baseline through version 3.6.4 vulnerable to access control bypass. The root cause lies in insufficient verification of user privileges before permitting state-changing operations; the application likely fails to properly validate role-based access control (RBAC) or attribute-based access control (ABAC) policies on sensitive endpoints. This is distinct from authentication bypass—the user must already be logged in—but represents a horizontal or vertical privilege escalation where the application trusts authenticated users to self-enforce authorization rather than enforcing it server-side.
RemediationAI
Upgrade Israpil Textmetrics to a patched version above 3.6.4 immediately. Contact Israpil support or monitor their security advisories for the availability of version 3.6.5 or later. As an interim mitigation, restrict network access to the webtexttool application to trusted IP ranges and internal networks only; enforce network segmentation to limit which authenticated users can reach the application. Additionally, implement comprehensive audit logging of all state-changing operations performed via the webtexttool and review access logs for unauthorized modifications. Consider deploying a reverse proxy or Web Application Firewall (WAF) in front of the application to monitor for suspicious authorization-bypass patterns, and enforce multi-factor authentication (MFA) for all Textmetrics user accounts to reduce risk from compromised credentials.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-11806