Unrated severityOSV Advisory· Published Jan 12, 2026· Updated Jan 13, 2026

WebErpMesv2 allows unauthenticated API Access

CVE-2026-22788

Description

WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, the WebErpMesV2 application exposes multiple sensitive API endpoints without authentication middleware. An unauthenticated remote attacker can read business-critical data including companies, quotes, orders, tasks, and whiteboards. Limited write access allows creation of company records and full manipulation of collaboration whiteboards. This vulnerability is fixed in 1.19.

Affected products

Smewebify/Weberpmesv2OSV
Range: 1.10, v1.0-beta, v1.0.0-RC, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/SMEWebify/WebErpMesv2/commit/3a7ab1c95d1d1c8f7c62c84bc87b3666ecd2fa23mitrex_refsource_MISC
github.com/SMEWebify/WebErpMesv2/security/advisories/GHSA-pp68-5pc2-hv7wmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000