CVE-2026-14690
SourceCodester · Multi-Vendor Online Grocery Management System
An improper authorization vulnerability in SourceCodester Multi-Vendor Online Grocery Management System 1.0 allows for incorrect privilege assignment, potentially leading to unauthorized access.
Executive summary
A high-severity authorization vulnerability in SourceCodester Multi-Vendor Online Grocery Management System 1.0 creates a risk of privilege escalation and unauthorized access.
Vulnerability
This issue stems from improper authorization and incorrect privilege assignment (CWE-285/CWE-266), which may permit an unauthenticated user to bypass access controls and perform restricted administrative actions.
Business impact
Failure to properly enforce authorization controls can allow unauthorized users to gain elevated privileges, leading to unauthorized access to sensitive financial or customer data. With a CVSS score of 7.3, this flaw threatens the confidentiality and integrity of the system. Unauthorized administrative access could result in significant business disruption and loss of trust.
Remediation
Immediate Action: Review all user roles and permission assignments within the application and monitor for signs of unauthorized administrative activity.
Proactive Monitoring: Audit system logs for unexpected privilege changes or access by accounts that should not possess elevated rights.
Compensating Controls: Restrict network access to administrative interfaces using VPNs or IP whitelisting to limit the attack surface for potential unauthorized actors.
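The three remediation steps above (reviewing role assignments, auditing logs for unexpected privilege changes, and watching for administrative access by accounts that should not have it) can be scripted against exported user and log data. The following is an added example written for this page, not code from the SourceCodester application; the user table, the approved-admin list, the log line format and the role names are constructed assumptions, and the regular expression would need adjusting to the real log layout.

```python
"""Audit helper for the remediation steps: review admin role assignments and
scan logs for role changes or /admin/ access made by non-admin accounts.
Added example; not code from the SourceCodester application. The user table,
role names and log format below are constructed assumptions."""

import re
from dataclasses import dataclass

# Constructed sample of the application's user table (assumption: roles are
# plain strings and only "admin" should reach anything under /admin/).
USERS = {
    "alice": "admin",
    "bob": "vendor",
    "carol": "customer",
    "dave": "vendor",
    "eve": "admin",
}

# Accounts the team has approved to hold the admin role (constructed).
APPROVED_ADMINS = {"alice"}

# Constructed log lines: "<timestamp> <user> <action> <target> <status>".
SAMPLE_LOG = """\
2026-03-01T10:00:01Z alice GET /admin/dashboard.php 200
2026-03-01T10:02:15Z bob GET /vendor/products.php 200
2026-03-01T10:05:42Z bob GET /admin/users.php 200
2026-03-01T10:06:10Z bob ROLE_CHANGE dave=admin 200
2026-03-01T10:07:00Z carol GET /admin/orders.php 403
2026-03-01T10:08:30Z alice ROLE_CHANGE carol=vendor 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<action>\S+) (?P<target>\S+) (?P<status>\d{3})$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    user: str
    kind: str
    detail: str


def parse_log(text):
    """Parse log lines; malformed lines are skipped rather than aborting the audit."""
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def review_role_assignments(users, approved_admins):
    """Role review: every account holding admin must be on the approved list."""
    return [
        Finding("-", user, "unapproved_admin", f"{user} holds admin role but is not approved")
        for user, role in sorted(users.items())
        if role == "admin" and user not in approved_admins
    ]


def audit_log(records, users):
    """Log review: flag successful admin-area requests and role changes made by
    accounts whose assigned role is not admin. Only 2xx responses are flagged;
    a 403 on an /admin/ path means the authorization control held."""
    findings = []
    for r in records:
        role = users.get(r["user"], "unknown")
        succeeded = r["status"].startswith("2")
        if not succeeded or role == "admin":
            continue
        if r["action"] == "ROLE_CHANGE":
            findings.append(Finding(r["ts"], r["user"], "role_change_by_non_admin", r["target"]))
        elif r["target"].startswith("/admin/"):
            findings.append(Finding(r["ts"], r["user"], "admin_access_by_non_admin", r["target"]))
    return findings


def run_audit(users=USERS, approved=APPROVED_ADMINS, log_text=SAMPLE_LOG):
    """Combine both reviews into one list of findings for the sample data."""
    return review_role_assignments(users, approved) + audit_log(parse_log(log_text), users)


if __name__ == "__main__":
    for f in run_audit():
        print(f"{f.ts} {f.kind:26} user={f.user} {f.detail}")
```

On the constructed data the audit reports three findings: an admin account (eve) that is not on the approved list, one successful request to an /admin/ page by a vendor account, and one role change performed by that same non-admin account. Note that roles are evaluated against the current user table, so after a suspicious role change the newly elevated account should itself be added to the review rather than trusted.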
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations should treat this vulnerability as critical due to the potential for privilege escalation. Ensure that the application is not exposed to the public internet and verify that all current administrative accounts have appropriate and necessary access levels.