What is CVE-2026-1202?

A security flaw in CRMEB affects versions up to 5.6.3, allowing improper authentication through remote exploitation. Organizations should address this vulnerability promptly to mitigate risk.

What is the severity of CVE-2026-1202?

CVE-2026-1202 has a severity rating of MEDIUM with a CVSS base score of 5.5.

CVE-2026-1202 | Medium Vulnerability in CRMEB

A security flaw has been discovered in CRMEB up to version 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the argument openId results in improper authentication. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

This vulnerability allows attackers to bypass authentication mechanisms, potentially compromising user accounts and sensitive information. The medium severity level indicates a significant risk that requires immediate attention from organizations using the affected product.

Organizations should prioritize patching immediately. The lack of vendor response to the disclosure raises concerns about ongoing support and resolution of this vulnerability, making it imperative for users to take action.

With the exploit publicly available, the potential for attacks against CRMEB installations is heightened. Companies utilizing the platform should assess their exposure and implement necessary mitigations.

Vulnerability Details

The vulnerability description states that a security flaw exists in CRMEB versions up to 5.6.3, specifically in the appleLogin function of the LoginController.php file. The CVSS score is 5.5, which is classified as medium severity. This score indicates that the vulnerability can be exploited with low complexity and requires no privileges or user interaction.

The CWE classification for this vulnerability is CWE-287, indicating improper authentication. Organizations must be aware of the potential impacts, including unauthorized access to sensitive user data.

Technical Analysis

The root cause of this vulnerability stems from the improper handling of the openId argument within the appleLogin function. Attackers can exploit this flaw through network access, utilizing relatively low complexity to manipulate the authentication process without requiring any privileges or user interaction.

Given that the vulnerability has a low attack complexity, it is important for affected organizations to consider the confidentiality, integrity, and availability impacts, all of which are assessed as low.

Risk & Impact Analysis

Risk to organizations includes unauthorized access to user accounts and potential data breaches. The blast radius could be significant, especially for organizations with a large user base, as attackers may exploit this vulnerability to gain access to sensitive information.

Organizations should schedule remediation as soon as possible, given the potential for exploitation. The CVSS score of 5.5 indicates a medium urgency, and the fact that an exploit has been publicly released escalates the need for immediate action to mitigate risk.

Exploitation Status

Signal	Status
Known Exploit	Yes
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

All versions of CRMEB prior to 5.6.4 are affected by this vulnerability. Organizations should ensure they are running the latest version to mitigate this risk.

Mitigation & Remediation

To remediate this vulnerability, organizations should upgrade to CRMEB version 5.6.4 or later. If a patch is unavailable, consider implementing network controls to restrict access to the affected components. Additionally, continuous monitoring should be established to detect any unauthorized access attempts.

Organizations should also consider conducting a thorough security assessment, such as a security assessment to identify any further vulnerabilities that may exist within their systems.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor logs for unusual authentication requests and any access attempts to the appleLogin function. Behavioral anomalies may indicate an ongoing attack, and network signatures should be established to identify unauthorized access attempts.

AppSecure Threat Intelligence Insight

The discovery of this vulnerability in CRMEB highlights the importance of regular security assessments and timely responses to disclosures. Organizations must remain vigilant in their security practices to prevent similar vulnerabilities from being exploited in the future.

Security teams should adopt a proactive approach to vulnerability management by implementing a comprehensive vulnerability management program to reduce exposure to future threats.

Additionally, organizations may benefit from engaging in regular penetration testing to identify and address vulnerabilities before they can be exploited.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2026-1202: Medium Vulnerability in CRMEB