CVE-2026-5798

Vulnerability Description

Insecure direct object reference (IDOR) in Stel Order v3.25.1 and earlier versions, specifically in the ‘/app/FrontController’ endpoint, through manipulation of the ‘employeeID’ parameter. An authenticated attacker could exploit this vulnerability to access information about any employee (first names, last names, roles, job titles, and vacation records, among others) by modifying that identifier in requests sent to the server.

Related Weaknesses (CWE)

References

FAQ

What is CVE-2026-5798?

CVE-2026-5798 is an insecure direct object reference (IDOR) vulnerability in Stel Order v3.25.1 and earlier versions, located in the ‘/app/FrontController’ endpoint and exploitable through manipulation of the ‘employeeID’ parameter. See the Vulnerability Description above for the full details.

How severe is CVE-2026-5798?

CVSS scoring is not yet available for CVE-2026-5798. Check NVD for updates.

Is there a patch for CVE-2026-5798?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.