ITPison｜OMICARD EDM - Insecure Direct Object Reference
CVE-2026-10597

6.9MEDIUM

Key Information:

Vendor: Itpison
Status: Omicard Edm
Vendor: CVE Published:; 4 June 2026

What is CVE-2026-10597?

OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address.

Affected Version(s)

OMICARD EDM 5.8 <= 6.0.5.8

References

https://www.twcert.org.tw/tw/cp-132-10947-027a7-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-10948-78864-2.html

third-party-advisory

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 4, 2026
Vulnerability Reserved
Jun 2, 2026

CVE-2026-10597 Data

JSON

Itpison

What is CVE-2026-10597?

Affected Version(s)

References

CVSS V4

Timeline