High severityNVD Advisory· Published May 8, 2026· Updated May 8, 2026

CVE-2026-8077

Description

Lack of proper authorization implementation in the CashDro 3 web administration panel, version 24.01.00.26. The backend lacks authorization controls, leaving security entirely to the frontend. By modifying the binary string in the ‘Permissions’ field of the JSON response, an attacker could escalate privileges and gain full administrative access. This vulnerability allows all restrictions to be bypassed and completely compromises system management.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

labs.itresit.es/2026/05/07/cashdro-vulnerabilities-from-pentest-to-stealing-money/nvd
www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cashdro-3nvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000