Authentication Bypass Vulnerability in Bottelet DaybydayCRM Application
CVE-2026-10283

5.3MEDIUM

Key Information:

Vendor

Bottelet

Status
Daybydaycrm
Vendor
CVE Published:
1 June 2026

What is CVE-2026-10283?

A vulnerability was identified in Bottelet DaybydayCRM, affecting versions up to 2.2.1. The flaw resides in the Setting Handler component, where insufficient authentication measures are present. This deficiency allows unauthorized users to perform actions that should be restricted, leading to potential remote exploitation. To mitigate this risk, users are strongly urged to apply the latest patch provided by Bottelet to secure their systems against unauthorized access.

Affected Version(s)

DaybydayCRM 2.2.0

DaybydayCRM 2.2.1

References

https://vuldb.com/vuln/367576
vdb-entry
https://vuldb.com/vuln/367576/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-10283
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mitchell_45 (VulDB User)
.