CVE-2026-8890 code100x Mobile API Authentication Bypass via Header Spoofing

🗓️ 26 May 2026 18:23:13Reported by VulnCheckType

CVE-2026-8890: code100x Mobile API impersonation via g header; identity bypass exposes course data.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-8890	26 May 202618:23	–	attackerkb
Circl	CVE-2026-8890	26 May 202622:50	–	circl
CNNVD	100xDevs CMS 安全漏洞	26 May 202600:00	–	cnnvd
CVE	CVE-2026-8890	26 May 202618:23	–	cve
EUVD	EUVD-2026-31953	26 May 202618:23	–	euvd
NVD	CVE-2026-8890	26 May 202619:16	–	nvd
Positive Technologies	PT-2026-43378	26 May 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-8890	5 Jun 202619:11	–	redhatcve
Vulnrichment	CVE-2026-8890 code100x Mobile API Authentication Bypass via Header Spoofing	26 May 202618:23	–	vulnrichment

[
  {
    "vendor": "code100x",
    "product": "code100x",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "90b489ee7c63c301107d6374d4b3f2b8e4060fe5",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "88c6c5e94e23da101235c4c7e9c7591ac1016549",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

Source	Link
github	www.github.com/code100x/cms/pull/1927
github	www.github.com/code100x/cms/pull/1927/changes/90b489ee7c63c301107d6374d4b3f2b8e4060fe5
github	www.github.com/code100x/cms/issues/1924
github	www.github.com/code100x/cms/pull/1927/changes/88c6c5e94e23da101235c4c7e9c7591ac1016549
vulncheck	www.vulncheck.com/advisories/code100x-mobile-api-authentication-bypass-via-header-spoofing

23 Jun 2026 16:17Current

CVSS 3.18.2

CVSS 48.8

EPSS0.0049

CWE-639