CVE-2026-1202

HighPublic PoC

Published: 20 January 2026

Published

20 January 2026

Modified

29 January 2026

KEV Added

—

Patch

—

CVSS Score 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score 0.0032 54.8th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the argument openId results in improper authentication. The attack is possible to be carried…

out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

preventrecover

Timely identification, testing, and installation of patches for the improper authentication flaw in appleLogin directly remediates CVE-2026-1202 exploitation.

SI-10 Information Input Validation good match

prevent

Validating the openId argument input prevents manipulation that bypasses authentication in the appleLogin function.

IA-8 Identification and Authentication (Non-organizational Users) good match

prevent

Enforcing robust identification and authentication for non-organizational users like Apple login mitigates the improper authentication bypass vulnerability.

Security SummaryAI

CVE-2026-1202 is an improper authentication vulnerability (CWE-287) affecting CRMEB versions up to 5.6.3. The flaw resides in the appleLogin function within the file crmeb/app/api/controller/v1/LoginController.php, where manipulation of the openId argument enables attackers to bypass authentication mechanisms. Assigned a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), it was published on 2026-01-20.

Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, primarily through authentication bypass, potentially granting unauthorized access to the application.

Advisories from VulDB and a public GitHub proof-of-concept detail the issue, noting that an exploit has been released and may be used in attacks. The vendor was contacted early but provided no response, implying no official patches or mitigations are available at this time.

Details

CWE(s): CWE-287

Affected Products

crmeb

≤ 5.6.3

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

The vulnerability is an authentication bypass in a public-facing web application (CRMEB LoginController), directly enabling remote exploitation without privileges or interaction, aligning with T1190: Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References

https://github.com/foeCat/CVE/blob/main/CRMEB/apple_login_auth_bypass.md
Exploit, Mitigation, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.341788
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.341788
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.734711
Third Party Advisory, VDB Entry · cna@vuldb.com