CVE-2026-59237 | Roskus Prospero Flow CRM up to 5.5.2 Order/OrderItem REST API /api/order find ID authorization

SecurityVulns

A vulnerability described as critical has been identified in Roskus Prospero Flow CRM up to 5.5.2. Impacted is the function find of the file /api/order of the component Order/OrderItem REST API. Such manipulation of the argument ID leads to authorization bypass.

This vulnerability is listed as CVE-2026-59237. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More