CVE-2026-1619

Published: Feb 13, 2026Modified: Mar 2, 2026

8.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Exploitability: 2.8 / Impact: 5.5

Source: iletisim@usom.gov.tr

Description

Authorization Bypass Through User-Controlled Key vulnerability in Universal Software Inc. FlexCity/Kiosk allows Exploitation of Trusted Identifiers.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36.

Affected (1)

Products: Uni Yaz: Flexcity

Uni Yaz

1 product

Flexcity

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Uni Yaz Flexcity	From 1.0 to 1.0.36

Related CWEs

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (1)

https://www.usom.gov.tr/bildirim/tr-26-0065

Source: iletisim@usom.gov.tr

Third Party Advisory

Timeline

No history available yet.