CVE-2026-3762CRITICAL 9.8EPSS p38.6%

CVE-2026-3762CVE-2026-3762

Description

A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The manipulation of the argument manager_id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.50% probability of exploitation · percentile 38.6% · 2026-06-19T12:03:05Z
Published2026-03-08
Last modified2026-04-29

Underlying weaknesses· 2

CWE-266CWE-285

References

  1. https://gist.github.com/Adarshh-A/1aae387a3cf4ea05c871ddafc64d0348
  2. https://vuldb.com/?ctiid.349740
  3. https://vuldb.com/?id.349740
  4. https://vuldb.com/?submit.768122
  5. https://www.sourcecodester.com/

2

TypeTargetConfidenceTier
WeaknessIncorrect Privilege Assignmentcwe-2660%live
WeaknessImproper Authorizationcwe-2850%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-10263
CVE
CVE-2026-1702
CVE
CVE-2025-10627
CVE
CVE-2026-2059
CVE
CVE-2025-13468
CVE
CVE-2026-2057
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.