CVE-2026-10711 PUBLISHED

RCE in Akınsoft's CafePlus

Assigner: TR-CERT
Reserved: 02.06.2026
Published: 23.06.2026
Updated: 23.06.2026

Missing authentication for critical function vulnerability in AKIN Software Computer Import Export Industry and Trade Ltd. CafePlus allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects CafePlus: from 12.05.03 before 12.05.04.

Metrics

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.8

Product Status

Vendor: AKIN Software Computer Import Export Industry and Trade Ltd.
Product: CafePlus
Versions: Default: unaffected
  • affected from 12.05.03 to 12.05.04 (excl.)

Credits

  • Muhammed İbrahim TEKİN (finder)

Problem Types

  • CWE-306: Missing Authentication for Critical Function

Impacts

  • CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs