CVE-2026-59235 | Roskus Prospero Flow CRM up to 5.5.2 BankAccountListController BankAccountListController.php get company_id authorization

SecurityVulns

A vulnerability was found in Roskus Prospero Flow CRM up to 5.5.2. It has been declared as problematic. The impacted element is the function get of the file app/Http/Controllers/Api/BankAccount/BankAccountListController.php of the component BankAccountListController. Executing a manipulation of the argument company_id can lead to missing authorization.

This vulnerability is registered as CVE-2026-59235. It is possible to launch the attack remotely. No exploit is available.VulDB Recent EntriesRead More