Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Description (CVE.org)
A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.
Analysis (AI)
Privilege escalation in Augmentt 1.0 allows authenticated low-privilege users to manipulate HTTP parameters and gain super administrator access, exposing all tenant data and configurations to unauthorized modification. CVSS 9.6 critical severity with scope change indicates cross-tenant impact potential. …
Vulnerability Assessment (AI)
| Aspect | Assessment |
| --- | --- |
| Exploitation | Attacker must possess valid Augmentt user credentials with at least standard (low-privilege) user access, as confirmed by the CVSS vector PR:L, which indicates that low-privileged authenticated access is required. … |
| Risk Assessment | This represents a critical real-world risk despite requiring initial authentication (PR:L). … |
| Exploit Scenario | A malicious employee or contractor with standard user credentials logs into the Augmentt platform and intercepts HTTP requests using browser developer tools or a proxy like Burp Suite. They identify parameters controlling user role or privilege level (such as 'roleId' or 'isAdmin' fields in API requests) and modify these values to match super administrator privileges before resubmitting the request. … |
| Remediation | Upgrade to a patched version of Augmentt if one is released by the vendor. Check https://nvd.nist.gov/vuln/detail/CVE-2026-6356 and contact Augmentt support for current patch status, as no specific fix version is confirmed in available data. … |
Recommended Action (AI)
24 hours: Inventory all Augmentt 1.0 deployments and document user privilege levels; implement network segmentation to restrict low-privilege user access to Augmentt administrative interfaces. …
EUVD-2026-24750
GHSA-pmj4-wrc3-26hm