CVE-2026-3263 PUBLISHED

A vulnerability was found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected by this vulnerability is an unknown functionality of the file /api/Security/ of the component Security API. Performing a manipulation results in improper authorization. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way.

• Ghufran Khan (VulDB User) reporter
• Ghufran Khan (VulDB User) analyst
• VulDB coordinator

• VDB-347986 | go2ismail Asp.Net-Core-Inventory-Order-Management-System Security API improper authorization
• VDB-347986 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #758335 | Indotalent Asp.Net-Core-Inventory-Order-Management-System v9.20250118 Improper Authorization
• https://github.com/Ghufran2/CVE-Asp.Net-Core-Inventory-Order-Management-System-Advisories/blob/main/Asp.Net-Core-Inventory-Order-Management-System%20IDOR%20to%20Full%20System%20Compromise.md

• Improper Authorization CWE
• Incorrect Privilege Assignment CWE