PT-2026-45462 · Themefic · Hydra Booking
Raihan Adi Arba
·
Published
2026-06-01
·
Updated
2026-06-01
·
CVE-2026-42675
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Hydra Booking versions prior to 1.1.42
Description
A missing authorization issue in Themefic Hydra Booking allows for the exploitation of incorrectly configured access control security levels. This is a broken access control flaw where the system fails to properly verify if a user has the necessary permissions to perform an action.
Recommendations
Update to a version later than 1.1.41.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hydra Booking