CVE-2026-4320 CRITICAL

CVE-2026-4320: Authorization Bypass in ICMS Content Management by Creartia Internet Consulting

Vendor Creartia Internet Consulting
Product ICMS Content Management
Weakness CWE-288
Published May 18, 2026
Last update May 18, 2026

CVSS base score

9.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

An authorization bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process. This causes the script to continue running and enables privilege escalation without credentials.

Key dates

02 Disclosure timeline

May 18, 2026 CVE published
May 18, 2026 Record updated