https://gryfman.fr/tags/access-control/Recent content in Access Control on gryfmanHugoen-ussussetnoe2004@gmail.com (gryfman)sussetnoe2004@gmail.com (gryfman)Mon, 27 Apr 2026 00:00:04 +0200https://gryfman.fr/cves/cve-2026-41464/Mon, 27 Apr 2026 00:00:04 +0200sussetnoe2004@gmail.com (gryfman)https://gryfman.fr/cves/cve-2026-41464/<h2 id="introduction">Introduction</h2> <p>This article covers another vulnerability we found during our research on ProjeQtOr: a missing authorization issue.</p> <p>If you want more context about ProjeQtOr itself, I already introduced the software in the first post of this series: <a href="https://gryfman.fr/cves/cve-2026-41462">From login to admin : CVE-2026-41462</a> .</p> <p>Here the issue is differents from the previous ones, and involves an access control flaw that allowed low-privileged authenticated users to access sensitive information about other users, including password hashes and API keys.</p>