CVE-2026-6280 PUBLISHED

Improper Access Control in Nomysoft Informatics' Nomysem

Assigner: TR-CERT
Reserved: 14.04.2026 Published: 08.07.2026 Updated: 08.07.2026

Exposure of sensitive information due to incompatible policies vulnerability in NOMYSOFT Informatics Education and Consulting Inc. Nomysem allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Nomysem: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 6.5

Product Status

Vendor NOMYSOFT Informatics Education and Consulting Inc.
Product Nomysem
Versions Default: unknown
  • affected from 0 to 08072026 (incl.)

Credits

  • Fatih AKTÜRK finder

References

Problem Types

  • CWE-213 Exposure of sensitive information due to incompatible policies CWE

Impacts

  • CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs