Authorization Bypass in mjperpinosa Stumasy Note Handler/Assignment Handler
CVE-2026-14753
Key Information:
- Vendor
Mjperpinosa
- Status
- Vendor
- CVE Published:
- 5 July 2026
Badges
What is CVE-2026-14753?
A vulnerability exists in mjperpinosa's Stumasy within the Note Handler and Assignment Handler components, specifically impacting the /PHP/objects/notes file. This vulnerability allows for an authorization bypass through manipulation of the argument 'assignment_item_id'. The exploit can be executed remotely, posing significant risks of unauthorized access. Continuous delivery with rolling releases complicates the tracking of affected versions, as the project maintains a dynamic update model. Despite early notification regarding this issue, the project maintainers have yet to provide a response.
Affected Version(s)
stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
