Insecure Direct Object Reference in openSIS Classic Messaging Module
CVE-2026-8406
7.1HIGH
What is CVE-2026-8406?
The messaging module in openSIS Classic 9.3 is vulnerable to an insecure direct object reference flaw. Authenticated users with access can exploit this vulnerability by manipulating the mail_id parameter while requesting sent-message details. This may lead to unauthorized access to sensitive information, allowing users to view messages they shouldn't have permissions for.
Affected Version(s)
openSIS-Classic Windows 9.3
