Skip to main content

Biloop

1 CVEs product

Monthly

CVE-2026-12686 CRITICAL PATCH Act Now

Cross-tenant authorization bypass in Adiss Biloop allows an authenticated user to manipulate the company ID parameter in a backend POST request and access or modify data belonging to other companies (tenants) hosted in the same subdomain environment. The flaw exposes sensitive customer information including billing data and permits unauthorized modification of third-party records. No public exploit has been identified at time of analysis, but the CVSS 4.0 base score of 9.3 (Critical) and low privilege requirement make this a high-priority issue for multi-tenant Biloop deployments.

Authentication Bypass Biloop
NVD VulDB
CVSS 4.0
9.3
EPSS
0.3%
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Cross-tenant authorization bypass in Adiss Biloop allows an authenticated user to manipulate the company ID parameter in a backend POST request and access or modify data belonging to other companies (tenants) hosted in the same subdomain environment. The flaw exposes sensitive customer information including billing data and permits unauthorized modification of third-party records. No public exploit has been identified at time of analysis, but the CVSS 4.0 base score of 9.3 (Critical) and low privilege requirement make this a high-priority issue for multi-tenant Biloop deployments.

Authentication Bypass Biloop
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy