CVE-2026-30521 - Vulnerability Analysis
MediumCVSS: 6.5Last Updated: April 1, 2026
SourceCodester Loan Management System - Business Logic Vulnerability
Published: March 31, 2026Updated: April 1, 2026PoC AvailableRemote Exploitable
Overview
SourceCodester Loan Management System v1.0 contains a business logic vulnerability caused by improper server-side validation allowing authenticated attackers to create loan plans with negative interest rates by bypassing client-side restrictions.
Severity & Score
Severity: Medium
CVSS Score: 6.5
Impact
Authenticated attackers can create loan plans with negative interest rates, potentially disrupting financial calculations and business operations.
Mitigation
Update to the latest version with proper server-side validation to prevent negative interest rates.
Related Resources
Details
- CVE ID
- CVE-2026-30521
- Severity
- Medium
- CVSS Score
- 6.5
- Type
- broken_access_control
- Status
- confirmed
CWE
- NVD-CWE-noinfo
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N