Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-8406
PUBLISHED
More InfoOfficial Page
Assigner-Fluid Attacks
Assigner Org ID-84fe0718-d6bb-4716-a7e8-81a6d1daa869
View Known Exploited Vulnerability (KEV) details
Published At-11 Jun, 2026 | 13:32
Updated At-11 Jun, 2026 | 14:28
Rejected At-
▼CVE Numbering Authority (CNA)
openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail_id value.

Affected Products
Vendor
OS4ED
Product
openSIS-Classic
Platforms
  • Windows
  • Linux
  • MacOS
Default Status
unaffected
Versions
Affected
  • 9.3
Problem Types
TypeCWE IDDescription
CWECWE-639CWE-639 Authorization Bypass Through User-Controlled Key
Type: CWE
CWE ID: CWE-639
Description: CWE-639 Authorization Bypass Through User-Controlled Key
Metrics
VersionBase scoreBase severityVector
4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-21CAPEC-21 Exploitation of Trusted Identifiers
CAPEC ID: CAPEC-21
Description: CAPEC-21 Exploitation of Trusted Identifiers
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Daniel Celis
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fluidattacks.com/es/advisories/melanie
third-party-advisory
https://github.com/OS4ED/openSIS-Classic/commit/c45d43146167324bae06bdf09de3e4bd2e5e478f
patch
https://github.com/OS4ED/openSIS-Classic
product
Hyperlink: https://fluidattacks.com/es/advisories/melanie
Resource:
third-party-advisory
Hyperlink: https://github.com/OS4ED/openSIS-Classic/commit/c45d43146167324bae06bdf09de3e4bd2e5e478f
Resource:
patch
Hyperlink: https://github.com/OS4ED/openSIS-Classic
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fluidattacks.com/es/advisories/melanie
exploit
Hyperlink: https://fluidattacks.com/es/advisories/melanie
Resource:
exploit
Details not found