CVE-2026-31071 · CRITICAL 9.1 · EPSS p41.3%

Description

API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt password hashes) via /api/user/getUserData, modify drug inventory, and access private medical prescription data via /api/doctorOder.

Scoring

CVSS 3.1: 9.1 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.55% probability of exploitation · percentile 41.3% · 2026-06-19T12:03:05Z
Published: 2026-05-19
Last modified: 2026-05-20

Underlying weaknesses · 1

CWE-306

References

  1. https://gist.github.com/nedlir/bc8ad4693c53256819280e8f5de49286
  2. https://github.com/LalanaChami/Pharmacy-Mangment-System/tree/5c3d02888631166649856f71d542387114b3010b/backend/routes

Type: Weakness
Target: Missing Authentication for Critical Function (cwe-306)
Confidence: 0%
Tier: live

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.