CVE-2026-42160

Published: Mag 08, 2026 Last Modified: Mag 08, 2026
ExploitDB:
Other exploit source:
Google Dorks:
CRITICAL 10,0
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A

Description

AI Translation Available

Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered 'PENDING' organization / user accounts. This issue has been patched in version 7.3.2.

602

Client-Side Enforcement of Server-Side Security

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Availability
Potential Impacts:
Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Gain Privileges Or Assume Identity
Applicable Platforms
Technologies: ICS/OT, Mobile
Likelihood of Exploit: Medium
View CWE Details
863

Incorrect Authorization

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control Availability
Potential Impacts:
Read Application Data Read Files Or Directories Modify Application Data Modify Files Or Directories Gain Privileges Or Assume Identity Bypass Protection Mechanism Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)
Applicable Platforms
Technologies: Database Server, Not Technology-Specific, Web Server
Likelihood of Exploit: High
View CWE Details
https://github.com/sovity/dataspace-portal/releases/tag/v7.…
https://github.com/sovity/dataspace-portal/releases/tag/v7.3.2
https://github.com/sovity/dataspace-portal/security/advisor…
https://github.com/sovity/dataspace-portal/security/advisories/GHSA-989g-wpfv-6…