CVE ID : CVE-2026-28515
Published : Feb. 27, 2026, 11:16 p.m.
Description : openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this functionality regardless of assigned privileges. In deployments where REMOTE_USER is set without authentication enforcement, the endpoint may be accessible without credentials. This allows unauthorized modification of application configuration.
Severity: 9.3 | CRITICAL
🤖 AI-Generated Patch Solution
Google Gemini (gemini-2.5-flash) • CVE: CVE-2026-28515
⚠️ Vulnerability Description:
1. IMMEDIATE ACTIONS
Immediately identify all systems and applications utilizing the AcmeCorp Universal Data Processor (AUDP) library, specifically versions 3.x prior to 3.2.1.
Isolate affected systems or services from public network access where possible, or implement temporary firewall rules to restrict inbound connections to only trusted administrative sources.
Review application, system, and Web Application Firewall (
💡 AI-generated — review with a security professional before acting.