PT-2026-38920 · Cashdro 3 · Cashdro 3

Peter Gabaldon · Published 2026-05-08 · Updated 2026-05-09 · CVE-2026-8077

CVSS v4.0: 8.6 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
CashDro 3 version 24.01.00.26

Description
The web administration panel contains an authorization bypass: the backend has no authorization controls, and the panel relies solely on the frontend for security. An attacker can escalate privileges and gain full administrative access by modifying the binary string in the Permissions field of the JSON response. This allows all restrictions to be bypassed and compromises system management.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
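
The weakness class described above, shown as a frontend-only handler beside a backend-enforced one. This is an added example, not CashDro code: the handler names, session table, permission names and the one-character-per-capability layout of the permission string are all assumptions made for illustration.

```python
# Added illustration: every name, the permission layout and the data below
# are hypothetical and constructed; none of it is taken from CashDro.

# Assumed layout: one character per capability, '1' means granted.
PERMISSION_INDEX = {"view_status": 0, "manage_users": 1, "change_config": 2}

# Server-side source of truth (constructed sample data).
USER_PERMISSIONS = {"operator": "100", "admin": "111"}
SESSIONS = {"sess-operator": "operator", "sess-admin": "admin"}


class Forbidden(Exception):
    pass


def has_permission(bits: str, name: str) -> bool:
    idx = PERMISSION_INDEX[name]
    return idx < len(bits) and bits[idx] == "1"


def frontend_only_handler(request: dict, action: str) -> str:
    """Weak pattern: any authenticated session may run the action; only the
    UI, driven by a client-held Permissions string, hides the control."""
    if request["session"] not in SESSIONS:
        raise Forbidden("not authenticated")
    return f"{action}: done"


def enforced_handler(request: dict, action: str) -> str:
    """Corrected pattern: permissions are resolved from the server's own
    records on every request; client-supplied values are never consulted."""
    user = SESSIONS.get(request["session"])
    if user is None:
        raise Forbidden("not authenticated")
    if not has_permission(USER_PERMISSIONS[user], action):
        raise Forbidden(f"{user} lacks {action}")
    return f"{action}: done"


def is_allowed(handler, request: dict, action: str) -> bool:
    try:
        handler(request, action)
        return True
    except Forbidden:
        return False


# Constructed request: a low-privilege session whose client-side copy of the
# Permissions string has been changed to all ones.
TAMPERED = {"session": "sess-operator", "Permissions": "111"}
```

With the enforced handler, the altered client-side value has no effect because the decision is made from USER_PERMISSIONS alone.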

Exploit

Weakness Enumeration: Missing Authorization

Related Identifiers: CVE-2026-8077

Affected Products: Cashdro 3