CVE-2026-5230 PUBLISHED

Improper Access Control in Mia Technologies' Pizzy Library

Assigner: TR-CERT
Reserved: 31.03.2026 Published: 15.06.2026 Updated: 15.06.2026

Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVSS Score: 7.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	MIA Technology Inc.
Product	Pizzy Library
Versions	Default: unaffected affected from 1.0.0.26250 to 1.3.9.26250 (excl.)

Credits

Ahmet DURMUŞ finder
STM Savunma Teknolojileri Mühendislik ve Ticaret A.Ş. sponsor

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0383

Problem Types

CWE-284 Improper Access Control CWE
CWE-862 Missing Authorization CWE

Impacts

CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels