PT-2026-6968 · Wukongopensource · Wukongcrm
Sourbyte · Published 2026-01-21 · Updated 2026-05-06
CVE-2026-2141
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WuKongOpenSource WukongCRM versions through 11.3.3
Description
A security flaw exists in WuKongOpenSource WukongCRM, specifically within the URL Handler component. The issue resides in the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java and results in improper authorization. Remote exploitation is possible through manipulation. The exploit has been publicly released and may be used in attacks. The vendor was notified but did not respond.
Recommendations
Versions prior to 11.3.3 should be updated.
Exploit
Fix
Improper Authorization
Incorrect Privilege Assignment
Incorrect Authorization
Related Identifiers
Affected Products
Wukongcrm