Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Pangolin Role Handler Allows Unauthorized Access
CVE-2026-3209
Summary
A flaw in the Pangolin Role Handler can lead to unauthorized access to sensitive areas of the system. This is due to a weakness in how the system checks user permissions. To fix this, update to the latest version of Pangolin, specifically version 1.15.4-s.4.
Original title
A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to imprope...
Original description
A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-266
Incorrect Privilege Assignment
CWE-284
Improper Access Control
- https://github.com/fosrl/pangolin/pull/2511
- https://gist.github.com/henrrrychau/0457bef6776d0c99688f9cf55cdf55f7
- https://github.com/fosrl/pangolin/
- https://github.com/fosrl/pangolin/commit/5e37c4e85fae68e756be5019a28ca903b161fdd...
- https://github.com/fosrl/pangolin/releases/tag/1.15.4-s.4
- https://vuldb.com/?ctiid.347796
- https://vuldb.com/?id.347796
- https://vuldb.com/?submit.765676
- https://vuldb.com/?submit.766215
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026