Medium severity6.5NVD Advisory· Published Apr 2, 2026· Updated Apr 29, 2026

CVE-2026-5330

Description

A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access controls. The attack may be initiated remotely. The exploit has been made public and could be used.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/zy606/Vulnerability-Report/tree/main/Gaatitrack-Unauth-Deletenvd
vuldb.com/submit/780734nvd
vuldb.com/vuln/354664nvd
vuldb.com/vuln/354664/ctinvd

News mentions

Milesight Cameras
CISA Alerts

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000