CVE-2026-1203

Name of the Vulnerable Software and Affected Versions CRMEB versions prior to 5.6.3

Description A security issue exists in CRMEB related to improper authentication. This is due to manipulation of the uid argument within the remoteRegister function located in the file crmeb/app/services/user/LoginServices.php of the JSON Token Handler component. The attack can be performed remotely and requires a high level of complexity, but the exploit is publicly available. The vendor was contacted but did not respond.

Recommendations Update CRMEB to a version later than 5.6.3. As a temporary workaround, restrict access to the remoteRegister function.