CVE 9.3 CRITICAL

Authorization Bypass in ICMS Content Management by Creartia Internet Consulting_CVE-2026-4320

May 18, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Description

Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running and enabling privilege escalation without the need for credentials.

AI Analysis

Authorization Bypass vulnerability allowing unauthorized access to protected features

Basic Information

ID CVE-2026-4320

Source INCIBE

Published May 18, 2026 at 10:07

Affected Product

Vendor Creartia Internet Consulting

Product ICMS Content Management

Affected Versions Creartia Internet Consulting ICMS Content Management 0

CWE Classification

CWE-288

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Creartia Internet Consulting

Product ICMS Content Management

References

www.incibe.es /en/incibe-cert/notices/aviso/authorization-bypass-icms-content-management-creartia-internet-consulting

{
    "lastseen": "",
    "description": "Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running and enabling privilege escalation without the need for credentials.",
    "published": "2026-05-18T10:07:33.201Z",
    "modified": "2026-05-18T10:07:33.201Z",
    "type": "cve",
    "title": "Authorization Bypass in ICMS Content Management by Creartia Internet Consulting",
    "source": "INCIBE",
    "references": "https://www.incibe.es/en/incibe-cert/notices/aviso/authorization-bypass-icms-content-management-creartia-internet-consulting",
    "id": "CVE-2026-4320",
    "bulletinFamily": "",
    "cwe": [
        "CWE-288"
    ],
    "cvelist": null,
    "sourceData": "Creartia Internet Consulting ICMS Content Management 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ICMS Content Management",
    "version": "0",
    "vendor": "Creartia Internet Consulting",
    "ai_description": "Authorization Bypass vulnerability allowing unauthorized access to protected features",
    "ai_severity": "Critical",
    "ai_vendor": "Creartia Internet Consulting",
    "ai_product": "ICMS Content Management",
    "ai_version": "0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply