Description
Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
Published: 2026-06-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability stems from an improper access control check within MIA Technology Inc.'s Pizzy Library, allowing an attacker to bypass authentication requirements and access protected functions or data. The flaw arises when the library incorrectly handles security level configurations, leading to missing authorization checks. As a result, an adversary who can influence or trigger vulnerable code can retrieve sensitive information or perform actions without proper privileges, compromising confidentiality and integrity.

Affected Systems

The affected product is MIA Technology Inc.'s Pizzy Library in all releases from version 1.0.0.26250 up to, but not including, 1.3.9.26250. Systems that integrate or embed any of these library versions are at risk. No other vendors or products are known to be affected.

Risk and Exploitability

The CVSS score of 7.1 classifies this issue as high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, so public exploitation is not confirmed. Nonetheless, the flaw requires that input be accepted without proper authorization checks, which the library performs internally. An attacker with the ability to influence the library’s input path or configuration—such as through a web interface, API, or internal process—could potentially gain unauthorized access. The risk level remains high because the flaw directly enables the bypassing of authentication controls, though exploitable scenarios may require some configuration context.

Generated by OpenCVE AI on June 16, 2026 at 01:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Pizzy Library to version 1.3.9.26250 or later where the access control issue has been fixed.
  • Verify that all configuration parameters related to security levels are correctly defined and enforce the principle of least privilege.
  • Implement additional application‑level authorization checks to ensure that only authenticated and authorized requests can invoke protected library functionality.

Generated by OpenCVE AI on June 16, 2026 at 01:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 15 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Improper Access Control, Missing Authorization vulnerability in MIA Technology Inc. Pizzy Library allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Pizzy Library: from 1.0.0.26250 before 1.3.9.26250.
Title Improper Access Control in Mia Technologies' Pizzy Library
Weaknesses CWE-284
CWE-862
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: TR-CERT

Published:

Updated: 2026-06-15T15:57:52.729Z

Reserved: 2026-03-31T13:28:53.611Z

Link: CVE-2026-5230

cve-icon Vulnrichment

Updated: 2026-06-15T15:57:46.265Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T14:16:37.427

Modified: 2026-06-15T20:46:57.713

Link: CVE-2026-5230

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T02:00:04Z

Weaknesses