mall-swarm authorization issue vulnerability (CNVD-2026-10881)

mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from an improper authorization issue in the updateAttr function in the file /cart/update/attr. No detailed vulnerability details are available at this time...

CVE-2025-13114 macrozheng mall-swarm attr updateAttr improper authorization

A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

CVE-2025-13114

The CVE-2025-13114 entry concerns macrozheng mall-swarm (versions up to 1.0.3). The vulnerability is in the updateAttr function of /cart/update/attr, allowing improper authorization and a remote attack. Public exploit material exists, and multiple feeds (Red Hat, EUVD/ENISA, CNNVD, CVE lists) cor...

CVE-2025-13114 macrozheng mall-swarm attr updateAttr improper authorization

A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...