Home / Vulnerability Intelligence / CVE-2026-32699

CVE-2026-32699 - Vulnerability Analysis

N/a

Last Updated: May 5, 2026

FacturaScripts - Broken Access Control

Published: May 5, 2026Updated: May 5, 2026PoC Available

Overview

FacturaScripts <= 2025.92 contains a broken access control vulnerability caused by lack of validation on the nick parameter in EditUser controller, letting authenticated users rename any account including administrator, exploit requires user authentication.

Severity & Score

Severity: N/a

Impact

Authenticated users can rename any account, including administrator, leading to unauthorized account modifications.

Mitigation

Update to a version later than 2025.92 or latest available version.

References

https://github.com/NeoRazorX/facturascripts/security/advisories/GHSA-pp79-hqv6-vmc3

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-32699
Severity: N/a
Type: broken_access_control
Status: new

CWE

CWE-472

CVSS Metrics

N/A