LeakyCreds

CVE-2026-6356 - Vulnerability Analysis

Critical | CVSS: 9.6

Last Updated: April 22, 2026

Web Application - Broken Access Control

Published: April 22, 2026 | Updated: April 22, 2026 | PoC Available | Remote Exploitable

Overview

A web application contains a broken access control vulnerability caused by parameter manipulation. It lets standard users escalate their privileges to super administrator and access or modify sensitive information. Exploitation requires user authentication.

Severity & Score

Severity: Critical
CVSS Score: 9.6
EPSS Score: 2.8% (Probability of exploitation in next 30 days)

Impact

Standard users can escalate privileges to super administrator, gaining full access and modification rights to sensitive data.

Mitigation

Update to the latest version with access control fixes.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Apr 22, 2026

🔓 CVE-2026-6356 - Critical (9.6) A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-6356/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-6356
Severity: Critical
CVSS Score: 9.6
Type: broken_access_control
Status: unconfirmed
EPSS: 2.8%
Social Posts: 1

CWE

  • CWE-1220

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

EPSS Score

2.8% (Probability of exploitation in the next 30 days)