CVE-2026-6212

Teracity Software · TeraMIS

Teracity Software TeraMIS is impacted by an authorization bypass vulnerability, allowing authenticated users to manipulate user-controlled keys for unauthorized access.

Executive summary

Teracity Software TeraMIS is vulnerable to an authorization bypass flaw that permits authenticated attackers to access or modify restricted system resources.

Vulnerability

This is an instance of CWE-639 (Authorization bypass through User-Controlled key). An authenticated attacker can bypass authorization checks by modifying specific parameters in the application request, granting them unauthorized access to data or functions intended for other users or administrative roles.

Business impact

The CVSS score of 8.8 underscores the severity of this vulnerability, which threatens the confidentiality and integrity of critical management data. Unauthorized access via this flaw could lead to the exposure of sensitive corporate information or the unauthorized modification of system configurations, potentially resulting in operational disruption and loss of trust in the platform's security controls.

Remediation

Immediate Action: Monitor official communication channels from Teracity Software and apply the necessary security patches immediately upon release.

Proactive Monitoring: Review system audit logs for anomalous access patterns where users are accessing data objects that do not correlate with their assigned permissions.

Compensating Controls: Where possible, restrict access to the TeraMIS instance to trusted internal networks and utilize WAF rules to validate that user-supplied keys match the expected session context.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The vulnerability represents a significant risk to the integrity of the TeraMIS platform. Security teams should ensure that all instances are updated to a non-vulnerable version as soon as the vendor provides a remediation, and maintain heightened awareness of account activity until the patch is applied.