CVE-2026-1202
Published: 20 January 2026
Summary
CVE-2026-1202 is a high-severity Improper Authentication (CWE-287) vulnerability in Crmeb Crmeb. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 45.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 IA-8 (Identification and Authentication (Non-organizational Users)) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely identification, testing, and installation of patches for the improper authentication flaw in appleLogin directly remediates CVE-2026-1202 exploitation.
Validating the openId argument input prevents manipulation that bypasses authentication in the appleLogin function.
Enforcing robust identification and authentication for non-organizational users like Apple login mitigates the improper authentication bypass vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability is an authentication bypass in a public-facing web application (CRMEB LoginController), directly enabling remote exploitation without privileges or interaction, aligning with T1190: Exploit Public-Facing Application.
NVD Description
A security flaw has been discovered in CRMEB up to 5.6.3. The affected element is the function appleLogin of the file crmeb/app/api/controller/v1/LoginController.php. Performing a manipulation of the argument openId results in improper authentication. The attack is possible to be carried…
more
out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2026-1202 is an improper authentication vulnerability (CWE-287) affecting CRMEB versions up to 5.6.3. The flaw resides in the appleLogin function within the file crmeb/app/api/controller/v1/LoginController.php, where manipulation of the openId argument enables attackers to bypass authentication mechanisms. Assigned a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), it was published on 2026-01-20.
Remote attackers require no privileges or user interaction to exploit this vulnerability over the network with low complexity. Successful exploitation allows limited impacts on confidentiality, integrity, and availability, primarily through authentication bypass, potentially granting unauthorized access to the application.
Advisories from VulDB and a public GitHub proof-of-concept detail the issue, noting that an exploit has been released and may be used in attacks. The vendor was contacted early but provided no response, implying no official patches or mitigations are available at this time.
Details
- CWE(s)