CVE-2026-7145 | mettle sendportal up to 3.0.1 Invitation WorkspaceInvitationsController.php destroy invitation authorization (Issue 337)
A vulnerability classified as critical has been found in mettle sendportal up to 3.0.1. The affected code is the function destroy in the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php, part of the component Invitation Handler. Manipulation of the argument invitation causes an authorization bypass.
This vulnerability is tracked as CVE-2026-7145. The attack may be initiated remotely. No exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.