CVE-2026-4990

MEDIUM6.9/ 10.0
Share:
Published: March 27, 2026 at 10:16 PM
Modified: March 30, 2026 at 01:26 PM
Source: cna@vuldb.com

Vulnerability Description

A security vulnerability has been detected in chatwoot up to 4.11.1. The affected element is an unknown function of the file /app/login of the component Signup Endpoint. Such manipulation of the argument signupEnabled with the input true leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Metrics

Base Score
6.9
Severity
MEDIUM
Vector String
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Weaknesses (CWE)

CWE-266
CWE-285
Source: cna@vuldb.com

References & Intelligence

https://vuldb.com/?ctiid.353877
Source: cna@vuldb.com
https://vuldb.com/?id.353877
Source: cna@vuldb.com
https://vuldb.com/?submit.772515
Source: cna@vuldb.com

Related Resources

Browse CVE Database
Search 294,000+ vulnerabilities
CVEs from 2026
View all vulnerabilities this year
CWE Database
Explore weakness categories
Security Writeups
Learn from real-world examples
About 4nuxd
Cybersecurity research & tools
Homepage
Explore more security resources