Skip to main content

Bighearts EUVDEUVD-2026-11981

| CVE-2026-32439 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11981
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in WebGeniusLab BigHearts bighearts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BigHearts: from n/a through <= 3.1.14.

AnalysisAI

WebGeniusLab BigHearts contains a missing authorization vulnerability (CWE-862) that allows unauthenticated attackers to modify data due to incorrectly configured access control security levels. All versions of BigHearts through 3.1.14 are affected, enabling an attacker to bypass authorization checks and perform unauthorized data modification without requiring authentication or user interaction. With a CVSS score of 5.3 and network-accessible attack surface, this vulnerability poses a moderate integrity risk requiring prompt patching.

Technical ContextAI

This vulnerability stems from improper access control implementation in BigHearts, a web application platform by WebGeniusLab. The root cause is classified under CWE-862 (Missing Authorization), which occurs when an application fails to verify that a user is authorized to perform requested actions, particularly in API endpoints or resource handlers. The vulnerability affects the application's security level configuration mechanism, meaning access control lists or role-based access controls are either not enforced at critical junctures or are configured with overly permissive defaults. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N indicates the flaw is exploitable over the network without complexity, requires no privileges or user interaction, and impacts only data integrity within the application's scope.

RemediationAI

The primary remediation is to upgrade WebGeniusLab BigHearts to a version newer than 3.1.14 as soon as a patched release is available from the vendor. Organizations should contact WebGeniusLab directly or monitor their security advisories for patch releases. In the interim, implement network-level access controls to restrict unauthenticated access to BigHearts application endpoints, enforce role-based access control reviews in the application configuration, and consider deploying a Web Application Firewall (WAF) with rules that require proper authorization headers. Additionally, implement comprehensive audit logging on data modification operations to detect unauthorized changes, and restrict access to administrative or sensitive functions to explicitly trusted user accounts and IP ranges.

Share

EUVD-2026-11981 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy