CVE-2026-9412 PUBLISHED

A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Multiple endpoints are affected.

• c4ttr4ck (VulDB User) reporter

• VDB-365393 | SourceCodester Indian Invoicing System Backend Endpoint access control
• VDB-365393 | CTI Indicators (IOB, IOC, TTP)
• Submit #813608 | SourceCodester Invoice-System 1.0 Broken Access Control
• https://gist.github.com/c4ttr4ck/db84fc2af3e542acf1eab685264bcfc1
• https://www.sourcecodester.com/

• Improper Access Controls CWE
• Incorrect Privilege Assignment CWE