CVE-2026-3262
Published: 26 February 2026
Summary
CVE-2026-3262 is a medium-severity Execution After Redirect (EAR, CWE-698) vulnerability in Go2Ismail Asp.Net-Core-Inventory-Order-Management-System. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 26.1 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
Threat & Defense Details
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a client-side redirect bypass in the administrative interface that enables an authenticated low-privileged user to escalate privileges (CWE-698/705), directly mapping to exploitation for privilege escalation.
NVD Description
A vulnerability has been found in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to 9.20250118. Affected is an unknown function of the component Administrative Interface. Such manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysis
CVE-2026-3262 is a vulnerability in go2ismail Asp.Net-Core-Inventory-Order-Management-System up to version 9.20250118. It affects an unknown function of the Administrative Interface component, where manipulation leads to execution after redirect. The issue is associated with CWE-698 and CWE-705 and carries a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
The vulnerability enables a remote attack by an authenticated user with low privileges. Exploitation requires low complexity and no user interaction, allowing the attacker to achieve low-level impacts on confidentiality, integrity, and availability.
Advisories detail the issue as privilege escalation via client-side redirect bypass and are available via GitHub and VulDB references. The vendor was contacted early about the disclosure but did not respond, and no patches or mitigations are specified in the available information. The exploit has been publicly disclosed and may be used.
Details
- CWE(s)