What the vulnerability does
01Description
Missing Authorization vulnerability in Nawawi Jamili Docket Cache docket-cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Docket Cache: from n/a through <= 24.07.04.
Explanation of Vulnerability in Simple Terms
02Summary
Docket Cache versions up to 24.07.04 lack proper authorization checks, allowing authenticated users with low privileges to trigger a denial-of-service condition. An attacker with a valid account can make requests that degrade site availability. The vulnerability requires an existing user account but no special interaction from victims.
What an attacker can do
03Attacker Capabilities
An authenticated user can make requests that degrade or disrupt site availability.
Potential impact on your site
04Site Impact
Any registered user can trigger availability issues; consider restricting account creation or auditing user permissions.
Conditions required to exploit
05Prerequisites
Attacker must have a valid user account with low-level privileges on the site.
Key dates
06Disclosure timeline
January 8, 2026
CVE published
April 28, 2026
Record updated