Skip to main content

Xdmod

1 CVEs product

Monthly

CVE-2026-45776 MEDIUM PATCH This Month

Session variable manipulation in Open XDMoD prior to version 11.0.3 enables low-privileged authenticated remote attackers to bypass access control logic by submitting a crafted HTTPS POST request that overrides a session variable governing authorization decisions. Exploitation is contingent on the optional Job Performance (SUPReMM) module being installed; without it, the vulnerable code path is not reachable. No public exploit code exists and no active exploitation has been identified at time of analysis; the vendor released a fix in v11.0.3 on 2026-05-12 following private disclosure on 2026-04-06.

Authentication Bypass Xdmod
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.1%
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Session variable manipulation in Open XDMoD prior to version 11.0.3 enables low-privileged authenticated remote attackers to bypass access control logic by submitting a crafted HTTPS POST request that overrides a session variable governing authorization decisions. Exploitation is contingent on the optional Job Performance (SUPReMM) module being installed; without it, the vulnerable code path is not reachable. No public exploit code exists and no active exploitation has been identified at time of analysis; the vendor released a fix in v11.0.3 on 2026-05-12 following private disclosure on 2026-04-06.

Authentication Bypass Xdmod
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy