Improper Control of Resource Identifiers in Macrozheng Mall by Macrozheng
CVE-2026-15186

5.3MEDIUM

Key Information:

Vendor

Macrozheng

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-15186?

A vulnerability has been identified in the macrozheng mall, specifically within versions up to 1.0.3, affecting the Portal Endpoint. This issue arises from improper control of resource identifiers through the manipulation of the argument 'orderId' in the /returnApply/create function. The vulnerability allows remote attackers to initiate exploits, potentially leading to unauthorized access and resource exposure. Notably, the GitHub issue reporting this vulnerability was deleted by the vendor without an explanation, raising concerns over transparency and user safety. The exploit for this vulnerability is publicly available, heightening the urgency for users to address it.

Affected Version(s)

mall 1.0.0

mall 1.0.1

mall 1.0.2

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

peanutbutter (VulDB User)
VulDB CNA Team
.