Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
suitenumerique messages 0.2.0: Unauthorized Access via Remote Attack
CVE-2026-3739
Summary
A security flaw in suitenumerique messages 0.2.0 can allow hackers to access sensitive information without proper authorization. This could lead to unauthorized access to your data or systems. To fix this issue, update to version 0.3.0, which has already been released.
Original title
A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadA...
Original description
A security flaw has been discovered in suitenumerique messages 0.2.0. This issue affects the function ThreadAccessSerializer of the file src/backend/core/api/serializers.py of the component ThreadAccess. The manipulation results in improper authentication. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.3.0 is capable of addressing this issue. The patch is identified as d7729f4b885449f6dee3faf8b5f2a05769fb3d6e. The affected component should be upgraded.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-287
Improper Authentication
- https://github.com/suitenumerique/messages/
- https://github.com/suitenumerique/messages/commit/d7729f4b885449f6dee3faf8b5f2a0...
- https://github.com/suitenumerique/messages/pull/557
- https://github.com/suitenumerique/messages/releases/tag/v0.3.0
- https://github.com/suitenumerique/messages/security/advisories/GHSA-7476-6crq-4c...
- https://vuldb.com/?ctiid.349717
- https://vuldb.com/?id.349717
- https://vuldb.com/?submit.767329
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026