Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization
CVE-2026-11521

5.3MEDIUM

Key Information:

Vendor

Mohammed-eid35

Status
Bank-management-system-springboot
Vendor
CVE Published:
8 June 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-11521?

A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/com/alien/bank/management/system/controller/TransactionController.java of the component Transaction Endpoint. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.

Affected Version(s)

bank-management-system-springboot 7b9bcc65ad7df3db29af71aed9bb500e5f24d948

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-11521 - Proof of Concept

References

https://vuldb.com/vuln/369141
vdb-entry
https://vuldb.com/vuln/369141/cti
signaturepermissions-required
https://vuldb.com/cve/CVE-2026-11521
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

wr0ld (VulDB User)
VulDB CNA Team
.