CVE-2026-31150

Published: Apr 6, 2026Modified: Apr 10, 2026

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources.

Affected (1)

Products: Kaleris: Yard Management Solutions

Kaleris

1 product

Yard Management Solutions

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Kaleris Yard Management Solutions	Version 7.2.2.1

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-639

Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

References (2)

https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2026-31150

Source: cve@mitre.org

ExploitThird Party Advisory

https://kaleris.com/solutions/yard-management/

Source: cve@mitre.org

Product

Timeline

No history available yet.