CVE-2026-14690

SourceCodester · Multi-Vendor Online Grocery Management System

An improper authorization vulnerability in SourceCodester Multi-Vendor Online Grocery Management System 1.0 allows for incorrect privilege assignment, potentially leading to unauthorized access.

Executive summary

A high-severity authorization vulnerability in SourceCodester Multi-Vendor Online Grocery Management System 1.0 creates a risk of privilege escalation and unauthorized access.

Vulnerability

This issue stems from improper authorization and incorrect privilege assignment (CWE-285/CWE-266), which may permit an unauthenticated user to bypass access controls and perform restricted administrative actions.
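To make the failure class concrete, the following Python snippet contrasts a weak authorization pattern of the kind CWE-285/CWE-266 describe with a deny-by-default check. This is an added illustration, not code from the SourceCodester application; the role, permission and action names, and the assumption that the weak variant reads the role from client input, are constructed for the example.

```python
"""Deny-by-default authorization, added here as an illustration; this is not
code from the SourceCodester application and the role, permission and action
names are constructed for the example."""

from dataclasses import dataclass
from typing import Optional

# Constructed role -> permission table. Anything not listed here is denied.
PERMISSIONS = {
    "customer": {"view_catalog", "place_order"},
    "vendor": {"view_catalog", "manage_own_products"},
    "admin": {"view_catalog", "manage_own_products",
              "manage_users", "manage_vendors"},
}


@dataclass
class Session:
    """Server-side session. The role is assigned at login and is never
    taken from the request."""
    user_id: int
    role: str


def authorize_weak(request: dict, action: str) -> bool:
    """Hypothetical weak pattern (constructed for the example): the privilege
    level is read from client-controlled input such as a form field, cookie
    or query parameter. No session is required, so an unauthenticated request
    that merely claims role=admin is granted administrative actions."""
    claimed_role = request.get("role", "customer")
    return action in PERMISSIONS.get(claimed_role, set())


def authorize(session: Optional[Session], action: str) -> bool:
    """Hardened check: require an authenticated session, a role the server
    recognises, and an explicit grant for the action. Everything else is
    denied, including unknown or mis-assigned roles."""
    if session is None:
        return False
    allowed = PERMISSIONS.get(session.role)
    if allowed is None:
        return False
    return action in allowed


def handle_admin_request(session: Optional[Session], action: str):
    """Request handler using the hardened check; returns an HTTP-style
    (status, message) pair instead of performing the action."""
    if not authorize(session, action):
        return (403, "forbidden")
    return (200, f"performed {action}")


if __name__ == "__main__":
    # Unauthenticated request claiming admin: the weak check passes,
    # the hardened handler denies.
    print(authorize_weak({"role": "admin"}, "manage_users"))   # True (the flaw)
    print(handle_admin_request(None, "manage_users"))          # (403, 'forbidden')
    print(handle_admin_request(Session(1, "admin"), "manage_users"))
```

The important design point is that `authorize` has no path that returns True without a server-side session and a positive entry in the permission table, so a missing, unknown or incorrectly assigned role is denied rather than silently treated as a default user.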

Business impact

Failure to properly enforce authorization controls can allow unauthorized users to gain elevated privileges, leading to unauthorized access to sensitive financial or customer data. With a CVSS score of 7.3, this flaw threatens the confidentiality and integrity of the system. Unauthorized administrative access could result in significant business disruption and loss of trust.

Remediation

Immediate Action: Review all user roles and permission assignments within the application and monitor for signs of unauthorized administrative activity.

Proactive Monitoring: Audit system logs for unexpected privilege changes or access by accounts that should not possess elevated rights.

Compensating Controls: Restrict network access to administrative interfaces using VPNs or IP whitelisting to limit the attack surface for potential unauthorized actors.
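The Immediate Action and Proactive Monitoring items above both come down to comparing what the application logs show against the list of accounts that are supposed to hold administrative rights. The Python script below is an added example of that audit; it is not part of the advisory or the SourceCodester application, and the log format, user names, action names and approved-admin list are all constructed for the illustration.

```python
"""Audit of application logs for privilege changes and administrative actions
by accounts that should not hold them. Added as an illustration; the log
format, user names and approved-admin list are constructed and are not taken
from the SourceCodester application."""

import re

# Constructed sample lines in a simple "timestamp key=value ..." format.
SAMPLE_LOG = """\
2024-05-01T10:02:11Z user=alice role=customer action=place_order status=200
2024-05-01T10:04:27Z user=alice role=customer action=manage_users status=403
2024-05-01T10:05:40Z user=bob role=vendor action=manage_users status=200
2024-05-01T10:07:03Z user=- role=- action=manage_vendors status=200
2024-05-01T10:09:15Z user=carol role=admin action=role_change target=bob new_role=admin status=200
2024-05-01T10:11:50Z user=bob role=admin action=manage_vendors status=200
"""

# Actions that only administrators should be able to complete (constructed).
ADMIN_ACTIONS = {"manage_users", "manage_vendors"}
# Accounts approved to hold the admin role, from the organisation's own
# records (constructed for the example).
EXPECTED_ADMINS = {"carol"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


def parse_line(line: str):
    """Parse one 'timestamp k=v k=v' line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for token in m.group("kv").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    fields["ts"] = m.group("ts")
    return fields


def audit(log_text: str, expected_admins=EXPECTED_ADMINS):
    """Return a list of (kind, timestamp, detail) findings. Only successful
    (status=200) requests are flagged: those are the cases where the
    authorization control actually failed. Denied attempts are left to
    ordinary abuse monitoring."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev or ev.get("status") != "200":
            continue
        user = ev.get("user", "-")
        role = ev.get("role", "-")
        action = ev.get("action", "")
        ts = ev["ts"]

        if action == "role_change":
            target, new_role = ev.get("target", "?"), ev.get("new_role", "?")
            # Every privilege change is reported so it can be reconciled.
            findings.append(("privilege_change", ts,
                             f"{user} set {target} to {new_role}"))
            if new_role == "admin" and target not in expected_admins:
                findings.append(("unapproved_admin_grant", ts,
                                 f"{target} granted admin by {user}"))
        elif action in ADMIN_ACTIONS:
            if user == "-":
                findings.append(("unauthenticated_admin_action", ts, action))
            elif user not in expected_admins:
                findings.append(("unexpected_admin_action", ts,
                                 f"{user} ({role}) performed {action}"))
    return findings


if __name__ == "__main__":
    for kind, ts, detail in audit(SAMPLE_LOG):
        print(f"{ts} {kind}: {detail}")
```

Run against the constructed sample, the audit reports an administrative action completed by a vendor account, one completed with no authenticated user at all, a role change that promoted an account outside the approved list, and that account's subsequent administrative activity. The approved-admin set is the control input: keep it outside the application (in the organisation's own records) so a compromised or mis-assigned role in the database does not also rewrite the baseline the audit compares against.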

Exploitation status

Public Exploit Available: false

Analyst recommendation

Organizations should treat this vulnerability as critical due to the potential for privilege escalation. Ensure that the application is not exposed to the public internet and verify that all current administrative accounts have appropriate and necessary access levels.