CVE-2026-51923
docuForm GmbH · Client
An Insecure Direct Object Reference (IDOR) in docuForm GmbH Client v.11.11c allows remote attackers with low privileges to execute arbitrary code and access other users' data.
Executive summary
An Insecure Direct Object Reference (IDOR) vulnerability in docuForm GmbH Client v.11.11c permits low-privileged attackers to execute arbitrary code and compromise sensitive user data.
Vulnerability
The software contains an Insecure Direct Object Reference (IDOR) vulnerability within its user settings component. This flaw allows an authenticated attacker with low privileges to manipulate object references to execute arbitrary code and gain unauthorized access to data belonging to other users.
Business impact
The CVSS score of 8.1 reflects the high risk associated with this vulnerability, as it allows for both remote code execution and unauthorized data access. A successful compromise could lead to a full breach of user confidentiality, system-wide unauthorized actions, and significant reputational damage to the organization.
Remediation
Immediate Action: Contact docuForm GmbH to obtain the latest security updates or patches for the Client software.
Proactive Monitoring: Review application access logs for unusual patterns, such as account identifiers that do not correspond to the current user session or unexpected code execution attempts.
Compensating Controls: Implement strict identity and access management controls and ensure that the application is running with the principle of least privilege to limit the impact of a potential compromise.
Exploitation status
Public Exploit Available: No confirmed public exploit is currently available.
Analyst recommendation
The severity of this flaw requires immediate attention from security teams. Organizations should prioritize updating the affected software as soon as a patch is released to prevent the potential for arbitrary code execution and unauthorized data retrieval.