CNNVD-202602-1223 Information
CNNVD ID
CNNVD-202602-1223
Related CVE
- CNNVD Published: 2026-02-08
Description (Chinese)
WukongCRM是中国悟空(Wukong)公司的一个客户关系管理 (CRM) 系统。 WukongCRM 11.3.3及之前版本存在授权问题漏洞,该漏洞源于对组件URL Handler中文件gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java的错误操作,可能导致授权不当。
Description (English)
WukongCRM is a customer relationship management (CRM) system of Wukong, China. 11.3.3 and previous versions of WukongCR 11.3.3 There is a gap in the delegation of authority, which stems from the mishandling of document Gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java in component URL Handler, which may lead to improper delegation of authority.
Hazard Level
High
Vulnerability Type
授权问题
Affected Vendor
悟空
Published
2026-02-08
Last Modified
2026-02-24
References
https://vuldb.com/?submit.747264 https://vuldb.com/?ctiid.344776 https://github.com/SourByte05/SourByte-Lab/issues/8 https://vuldb.com/?id.344776 https://access.redhat.com/security/cve/cve-2026-2141
Patch
https://www.72crm.com/en/yddiaa
Share on: