Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
SupportCandy: Unauthorized Access to Sensitive Data
CVE-2026-25321
Summary
A weakness in SupportCandy's access control allows attackers to access sensitive areas without permission. This affects SupportCandy versions up to 3.4.4. To protect your data, update to the latest version of SupportCandy.
Original title
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a throug...
Original description
Missing Authorization vulnerability in PSM Plugins SupportCandy supportcandy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SupportCandy: from n/a through <= 3.4.4.
nvd CVSS3.1
5.3
Vulnerability type
CWE-862
Missing Authorization
Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026