Vendor

Craftycontrol

Products

CVEs

Across products

Status

Private

Products

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-5652	Cri	0.59	9.0	0.00		Apr 21, 2026	An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.