CVE-2026-5326

Name of the Vulnerable Software and Affected Versions SourceCodester Leave Application System version 1.0

Description A vulnerability exists in SourceCodester Leave Application System 1.0 that allows authorization bypass. This is due to manipulation of the ID argument in the /index.php?page=manage user endpoint of the User Information Handler component. The attack can be executed remotely, and the exploit is publicly available.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the /index.php?page=manage user endpoint.