The vulnerability allows attackers to use features of Kurt Software Studio WriteUp Mobile App that should be restricted by access control lists. With no proper authorization checks, a malicious user can exploit the software to reach operations they should not be able to perform, potentially exposing sensitive information or altering data. The high CVSS score of 8.8 indicates that the flaw is both serious and widely exploitable once the weakness is known.

Kurt Software Studio WriteUp Mobile App versions 1.3.0 through 04062026 are affected. The flaw exists in the mobile application shipped in this range.

This issue is rated high severity with a CVSS score of 8.8. The EPSS score is currently unavailable, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is internal or local, whereby a user who has access to the application can interact with it to invoke disallowed operations. Exploitation requires only the ability to run the app; no additional domain or network privileges are indicated. Because the description does not mention remote exploitation, it is reasonable to infer that the attack is confined to the app environment. The absence of an EPSS score and KEV listing suggests that while the vulnerability is serious, there is no current evidence of widespread exploitation.