Home / Vulnerability Intelligence / CVE-2026-40784

CVE-2026-40784 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: April 15, 2026

Mahmudul Hasan Arif FluentBoards - Authorization Bypass

Published: April 15, 2026Updated: April 15, 2026Remote Exploitable

Overview

Mahmudul Hasan Arif FluentBoards <= 1.91.2 contains an authorization bypass caused by incorrectly configured access control security levels, letting attackers bypass authorization, exploit requires crafted user-controlled key.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Attackers can bypass authorization controls, gaining unauthorized access to restricted resources or actions.

Mitigation

Update to the latest version beyond 1.91.2.

References

https://patchstack.com/database/Wordpress/Plugin/fluent-boards/vulnerability/wordpress-fluentboards-plugin-1-91-2-insecure-direct-object-references-idor-vulnerability?_s_id=cve

Related Resources

Details

CVE ID: CVE-2026-40784
Severity: High
CVSS Score: 8.1
Type: broken_access_control
Status: new

CWE

CWE-639

CVSS Metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L