
CVE-2026-7891


Vulnerability Description

The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule with the anonymous user role to gain access to all stored records, even though no access rights are explicitly configured on that role. An anonymous user role is required to make a Mendix entity publicly available. All versions of Mendix Studio Pro up to 11.8.0 Beta silently make an anonymous user role follow user inheritance rules, without mentioning this explicitly in the documentation.

Related Weaknesses (CWE)

References

FAQ

What is CVE-2026-7891?

CVE-2026-7891 is a documented vulnerability. The VerySecureApp made by DIVD using Mendix Studio Pro 11.8.0 Beta allows unintended data exposure due to authorization misconfiguration. The VerySecureApp allows anonymous users of the MyFirstModule ...

How severe is CVE-2026-7891?

CVSS scoring is not yet available for CVE-2026-7891. Check NVD for updates.

Is there a patch for CVE-2026-7891?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.