Skip to main content

Teramis

1 CVEs product

Monthly

CVE-2026-6212 HIGH This Week

Authorization bypass in Teracity TeraMIS (versions V03.26.01.14 through the 30.04.2026 build) lets an authenticated low-privilege user tamper with a user-controlled object key to reach records and functions belonging to other users or higher-privilege roles (CWE-639 IDOR). The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms remote, low-complexity exploitation by any account holder, yielding high confidentiality and integrity impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS and POC data were not provided.

Authentication Bypass Teramis
NVD
CVSS 3.1
8.8
EPSS
0.3%
EPSS 0% CVSS 8.8
HIGH This Week

Authorization bypass in Teracity TeraMIS (versions V03.26.01.14 through the 30.04.2026 build) lets an authenticated low-privilege user tamper with a user-controlled object key to reach records and functions belonging to other users or higher-privilege roles (CWE-639 IDOR). The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms remote, low-complexity exploitation by any account holder, yielding high confidentiality and integrity impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS and POC data were not provided.

Authentication Bypass Teramis
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy