Cyber Resilience

CVE-2026-6356

Critical

Published: 22 April 2026

Published
22 April 2026
Modified
12 May 2026
KEV Added
Patch
CVSS Score v3.1 9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
EPSS Score 0.0029 20.2th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-6356 is a critical-severity Insufficient Granularity of Access Control (CWE-1220) vulnerability in Augmentt Augmentt. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-6356 is a privilege escalation vulnerability in a web application that allows standard users to elevate their privileges to super administrator levels through parameter manipulation. This flaw enables attackers to access and modify sensitive information. It carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N) and is associated with CWE-1220. The vulnerability was published on 2026-04-22.

Standard users with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity and no user interaction required. Successful exploitation changes the scope (S:C) and results in high impacts to confidentiality and integrity (C:H/I:H), allowing attackers to gain super administrator access and manipulate sensitive data, while availability remains unaffected (A:N).

For mitigation details, refer to the advisories and resources in the referenced GitHub repositories at https://github.com/Penguinsecq/CVE-2026-6356/.

EU & UK References

Vulnerability details

A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The CVE describes a privilege escalation vulnerability allowing low-privileged users to gain super administrator access via parameter manipulation in a web application, directly enabling exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-33825Shared CWE-1220
CVE-2025-7493Shared CWE-1220
CVE-2024-53295Shared CWE-1220
CVE-2026-6388Shared CWE-1220
CVE-2026-35436Shared CWE-1220
CVE-2023-31343Shared CWE-1220
CVE-2026-40365Shared CWE-1220
CVE-2023-31342Shared CWE-1220
CVE-2024-13256Shared CWE-1220
CVE-2025-20111Shared CWE-1220

Affected Assets

augmentt
augmentt
≤ 2025-10-02

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Validates and sanitizes user inputs including manipulated parameters to prevent privilege escalation exploits in the web application.

prevent

Enforces approved access authorizations in the web application, blocking standard users from escalating to super administrator privileges.

prevent

Limits privileges to the minimum necessary, reducing the impact of potential privilege escalation even if parameter manipulation partially succeeds.

References