PT-2026-56567 · Antiwork · Gumroad

George Chen

·

Publicado

2026-07-08

·

Atualizado

2026-07-08

·

CVE-2026-59805

CVSS v3.1

6.5

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Gumroad before 2026.07.06.2 contains a broken access control vulnerability in the PurchasesController that allows authenticated sellers to manipulate purchase access for other sellers' products by sending PUT requests to the revoke access and undo revoke access actions without seller ownership validation. Attackers can modify the is access revoked status on arbitrary purchases to unauthorized revoke or restore buyer access to products they do not own.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-59805

Produtos afetados

Gumroad