CVE-2026-10152

Source
https://cve.org/CVERecord?id=CVE-2026-10152
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10152.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-10152
Published
2026-05-30T19:15:08.710Z
Modified
2026-07-08T07:01:38.088361719Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
TaleLin lin-cms-spring-boot book Endpoint BookController.java access control
Details

A vulnerability was detected in TaleLin lin-cms-spring-boot up to 0.2.1. This issue affects some unknown processing of the file src/main/java/io/github/talelin/latticy/controller/v1/BookController.java of the component book Endpoint. The manipulation results in improper access controls. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/10xxx/CVE-2026-10152.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-266",
        "CWE-284"
    ]
}
References

Affected packages

Git / github.com/logamee/lin-cms-spring-boot

Affected ranges

Type
GIT
Repo
https://github.com/logamee/lin-cms-spring-boot
Events
Database specific
{
    "source": "AFFECTED_FIELD",
    "extracted_events": [
        {
            "introduced": "0.2.0"
        },
        {
            "last_affected": "0.2.0"
        },
        {
            "introduced": "0.2.1"
        },
        {
            "last_affected": "0.2.1"
        }
    ]
}

Affected versions

0.*
0.2.0
0.2.1
v0.*
v0.2.0-RELEASE
v0.2.1-RELEASE

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-10152.json"