CVE-2026-3738 - Vulnerability Analysis
Medium | CVSS: 6.3 | Last Updated: March 9, 2026
SourceCodester Pet Grooming Management Software - Broken Access Control
Published: March 8, 2026 | Updated: March 9, 2026 | PoC Available | Remote Exploitable
Overview
SourceCodester Pet Grooming Management Software 1.0 contains a broken access control vulnerability caused by improper authorization in the Financial Report Page. It lets remote attackers access unauthorized functionality. Exploitation requires no special privileges.
Severity & Score
Severity: Medium
CVSS Score: 6.3
Impact
Remote attackers can access unauthorized financial data or functionality, potentially leading to data exposure or manipulation.
Mitigation
Update to the latest version or apply vendor patches addressing authorization checks.
Details
- CVE ID: CVE-2026-3738
- Severity: Medium
- CVSS Score: 6.3
- Type: broken_access_control
- Status: confirmed
CWE
- CWE-266
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L