CVE-2026-35552
In CVE-2026-35552, affected products are CAXperts UPVWebServices 2.4.2212.603–2.7.6 and UDiTH Portal 2026.0.0–2026.2.0. An authenticated remote user can call an administrative API endpoint intended for privileged users, due to missing authorization checks. This can allow the attacker to deactivat...