CVE-2026-3185 – feiyuchuixue sz-boot-parent API Endpoint sys-message authorization

CVE ID : CVE-2026-3185

Published : Feb. 25, 2026, 2:16 p.m. | 52 minutes ago

Description : A vulnerability was found in feiyuchuixue sz-boot-parent up to 1.3.2-beta. Affected is an unknown function of the file /api/admin/sys-message/ of the component API Endpoint. The manipulation of the argument messageId results in authorization bypass. The attack can be launched remotely. The exploit has been made public and could be used. Upgrading to version 1.3.3-beta is able to address this issue. The patch is identified as aefaabfd7527188bfba3c8c9eee17c316d094802. The affected component should be upgraded. The project was informed beforehand and acted very professional: “We have implemented message ownership verification, so that users can only query messages related to themselves.”

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-3185 – feiyuchuixue sz-boot-parent API Endpoint sys-message authorization

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-21902 – Junos OS Evolved: PTX Series: A vulnerability allows a unauthenticated, network-based attacker to execute code as root

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2026-3221 – Devolutions Server Unencrypted User Account Information Vulnerability

CVE-2026-25476 – OpenEMR has Session Timeout Bypass via skip_timeout_reset

CVE-2026-25220 – OpenEMR Messages “Show All” Not Restricted to Admins

CVE-2026-3194 – Chia Blockchain RPC Server Master Passphrase get_private_key missing authentication