5.3
Unsecured Client Invoicing in Sprout Invoices
CVE-2026-25364
Summary
An unauthorized user can access and manipulate client invoices in Sprout Invoices if access control settings are not properly configured. This can lead to sensitive information being exposed or tampered with. Update to the latest version of Sprout Invoices (version 20.8.9 or higher) to fix this issue.
Original title
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client...
Original description
Missing Authorization vulnerability in BoldGrid Client Invoicing by Sprout Invoices sprout-invoices allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Client Invoicing by Sprout Invoices: from n/a through <= 20.8.8.
nvd CVSS3.1
5.3
Vulnerability type
CWE-862
Missing Authorization
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026