Medium severity6.3NVD Advisory· Published Feb 25, 2026· Updated Apr 29, 2026

CVE-2026-3209

Description

A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.

Affected products

Fosrl/Pangolinreferences

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/henrrrychau/0457bef6776d0c99688f9cf55cdf55f7nvd
github.com/fosrl/pangolin/commit/5e37c4e85fae68e756be5019a28ca903b161fdd5nvd
github.com/fosrl/pangolin/pull/2511nvd
github.com/fosrl/pangolin/releases/tag/1.15.4-s.4nvd
vuldb.comnvd
vuldb.comnvd
vuldb.comnvd
vuldb.comnvd

News mentions

No linked articles in our index yet.

cvss	0.410
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000