CVE-2026-2174
Published: 08 February 2026
Summary
CVE-2026-2174 is a high-severity Improper Authentication (CWE-287) vulnerability in Fabian Contact Management System. Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Detects unauthorized successful logons resulting from improper authentication implementations.
Documented procedures ensure personnel are trained on authentication mechanisms, tangibly lowering the risk of improper authentication being exploited.
Security awareness training instructs users on secure authentication practices and avoiding credential compromise.
Training on authentication mechanisms and best practices decreases the occurrence of improper authentication.
Non-repudiation requires strong authentication mechanisms to irrefutably attribute performed actions to specific individuals or processes.
Session content review can reveal authentication bypasses or failures in session establishment.
Review of authentication-related audit records can detect improper authentication mechanisms or bypasses.
Assessments check authentication mechanisms for correct implementation and effectiveness, reducing successful authentication bypass attempts.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Improper authentication (CWE-287) in public-facing CRUD endpoint of web app allows unauthenticated remote exploitation via ID manipulation, directly mapping to T1190.
NVD Description
A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely.
Deeper analysisAI
CVE-2026-2174 is an improper authentication vulnerability (CWE-287) in code-projects Contact Management System 1.0, affecting an unknown part of the CRUD Endpoint component. The issue arises from manipulation of the ID argument, enabling remote attacks. It carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-02-08T19:16:21.597.
The vulnerability can be exploited remotely by unauthenticated attackers with no privileges required and no user interaction needed, due to low attack complexity and network accessibility. Successful exploitation allows limited impacts, including low-level disruption to confidentiality, integrity, and availability.
Advisories and further details are available from VulDB at https://vuldb.com/?ctiid.344875, https://vuldb.com/?id.344875, and https://vuldb.com/?submit.749262, as well as the project site at https://code-projects.org/.
Details
- CWE(s)