Description
A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2026-02-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Improper Authorization
Action: Monitor
AI Analysis

Impact

The vulnerability resides in the /api/system/dashboard/getCount endpoint of CoCoTeaNet CyreneAdmin up to version 1.3.0. An attacker can craft a request that bypasses the software's authorization checks, allowing the attacker to read system information or gain privileges beyond those intended. This flaw is a manifestation of improper privilege management and authorization controls (CWE‑266 and CWE‑285).

Affected Systems

Affected installations are those running CoCoTeaNet CyreneAdmin versions up to and including 1.3.0. The issue is confined to the System Info Endpoint component. Any deployment that has not upgraded past 1.3.0 is susceptible to the described flaw.

Risk and Exploitability

The CVSS 4.0 score of 5.3 indicates moderate risk. An EPSS score below 1% suggests that automated exploitation is unlikely at present, yet the vulnerability is publicly disclosed, meaning capable attackers could still target it manually. The flaw is not part of the CISA KEV catalog. Attackers can target the system remotely by sending crafted HTTP requests, potentially compromising confidentiality and integrity for users without sufficient privilege.

Generated by OpenCVE AI on April 17, 2026 at 18:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a version newer than 1.3.0 when available.
  • Limit access to the /api/system/dashboard/getCount endpoint by enforcing role‑based authentication and firewall rules.
  • Monitor access logs for unauthorized requests to the endpoint, and rate‑limit the endpoint to mitigate potential abuse.

Advisories

No advisories yet.

History

Tue, 24 Feb 2026 02:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Feb 2026 19:45:00 +0000

Type: CPEs
Values Added: cpe:2.3:a:cocoteanet:cyreneadmin:*:*:*:*:*:*:*:*

Thu, 19 Feb 2026 10:30:00 +0000

Type: First Time appeared
Values Added: Cocoteanet; Cocoteanet cyreneadmin

Type: Vendors & Products
Values Added: Cocoteanet; Cocoteanet cyreneadmin

Thu, 19 Feb 2026 03:30:00 +0000

Type: Description
Values Added: A vulnerability was determined in CoCoTeaNet CyreneAdmin up to 1.3.0. This vulnerability affects unknown code of the file /api/system/dashboard/getCount of the component System Info Endpoint. Executing a manipulation can lead to improper authorization. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

Type: Title
Values Added: CoCoTeaNet CyreneAdmin System Info Endpoint getCount improper authorization

Type: Weaknesses
Values Added: CWE-266, CWE-285

Type: References

Type: Metrics
Values Added:
cvssV2_0 {'score': 4, 'vector': 'AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR'}
cvssV3_0 {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R'}
cvssV4_0 {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-24T01:44:18.266Z

Reserved: 2026-02-18T14:20:37.780Z

Link: CVE-2026-2693

Vulnrichment

Updated: 2026-02-24T01:44:13.517Z

NVD

Status: Analyzed

Published: 2026-02-19T07:17:48.710

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-2693

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T18:30:05Z
