CVE-2026-3739

medium

Description

A security flaw has been discovered in suitenumerique messages 0.2.0. It affects the function ThreadAccessSerializer in the file src/backend/core/api/serializers.py of the component ThreadAccess. Manipulation results in improper authentication. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.3.0 addresses this issue. The patch is identified as d7729f4b885449f6dee3faf8b5f2a05769fb3d6e. The affected component should be upgraded.

References

https://vuldb.com/?submit.767329

https://vuldb.com/?id.349717

https://vuldb.com/?ctiid.349717

https://github.com/suitenumerique/messages/security/advisories/GHSA-7476-6crq-4cw9

https://github.com/suitenumerique/messages/releases/tag/v0.3.0

https://github.com/suitenumerique/messages/pull/557

https://github.com/suitenumerique/messages/commit/d7729f4b885449f6dee3faf8b5f2a05769fb3d6e

https://github.com/suitenumerique/messages/

Details

Source: Mitre, NVD

Published: 2026-03-08

Updated: 2026-03-09

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Severity: Medium

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00095