Pizzy Library EUVD-2026-36717

CVE-2026-5230 HIGH
Improper Access Control (CWE-284)
2026-06-15 TR-CERT GHSA-q45q-8hg9-fpfw
7.1 (CVSS 3.1, NVD)

Severity by source

Vendor (TR-CERT), primary: HIGH (qualitative)
NVD: 7.1 HIGH (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)
vuln.today AI: 7.1 HIGH

Network-reachable authorization bypass requires an existing low-privilege account (PR:L), no user interaction or special complexity, yielding high confidentiality, low integrity, and no availability impact.

CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (TR-CERT).

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: None

Lifecycle Timeline

Patch available: Jun 15, 2026 - 16:01 (EUVD)
Analysis generated: Jun 15, 2026 - 14:30 (vuln.today)

Description (NVD)

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

Analysis (AI)

Improper access control in MIA Technology Inc. Pizzy Library, in versions from 1.0.0.26250 up to but not including 1.3.9.26250, allows authenticated remote attackers to bypass authorization checks and access resources or actions outside their permission level. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

Access: Obtain low-privilege account on target
Delivery: Reach Pizzy Library network endpoint
Exploit: Invoke operation protected by misconfigured security level
Execution: Bypass authorization tier check
Impact: Read sensitive cross-tier data and perform limited writes

Vulnerability Assessment (AI)

Exploitation: The attacker must (1) hold valid credentials for at least a low-privilege account on the application using Pizzy Library (PR:L), (2) have network reachability to the library's exposed interface (AV:N), and (3) interact with the specific feature governed by the 'incorrectly configured access control security levels' described by the vendor - i.e., an operation whose authorization decision depends on the misconfigured security-level check. …

Risk Assessment: The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N) describes a network-reachable, low-complexity flaw that requires low-privilege authentication and no user interaction, with high confidentiality impact, low integrity impact, and no availability impact - consistent with an authorization bypass that primarily exposes data. …

Exploit Scenario: An attacker who has obtained any low-privilege account on an application embedding Pizzy Library authenticates normally and then issues a request to a resource or action whose authorization is governed by the misconfigured security level. Because the library does not properly enforce the intended tier separation, the request returns sensitive data belonging to higher-privileged users or tenants, yielding the high-confidentiality and low-integrity outcomes reflected in the CVSS vector. …

Remediation: Upstream fix available; the version range 'before 1.3.9.26250' indicates that 1.3.9.26250 is the first non-vulnerable release, so administrators should upgrade Pizzy Library to 1.3.9.26250 or later as obtained from MIA Technology Inc. …

Recommended Action (AI)

24 hours: Create inventory of all systems and applications using Pizzy Library versions 1.0.0.26250-1.3.9.26250 across production and development environments. …
