What the vulnerability does
01 Description
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Overton: from n/a through <= 1.3.
Explanation of Vulnerability in Simple Terms
02 Summary
Overton versions 1.3 and earlier contain an authorization flaw that allows high-privileged users to read or modify limited data. The vulnerability requires administrative access and does not affect availability. Update to a version newer than 1.3 to remediate.
What an attacker can do
03 Attacker Capabilities
Read or modify limited data within the application with high-level privileges.
Potential impact on your site
04 Site Impact
High-privilege accounts could leak or alter sensitive information; availability is not affected.
Conditions required to exploit
05 Prerequisites
Attacker must have high-level administrative access to the application.
Key dates
06 Disclosure timeline
January 22, 2026: CVE published
April 28, 2026: Record updated