CVE-2026-31150EXPLOITED

n/a · n/a

CVE-2026-31150: Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to

Description

Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's dashboard resources.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a

References

Related News (1 articles)

Tier C

VulDB4h ago

CVE-2026-31150 | Kaleris YMS 7.2.2.1 access control

→ No new info (linked only)

CVSS 3.14.3 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA KEV❌ No

Actively exploited✅ Yes

PublishedApr 6, 2026

Last enriched4h agov2

Trending Score57

Source articles1

Independent1

Info Completeness7/14

Missing: epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2025-57835EXP

CVE-2025-57835: An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 21

Trending: 50

CRITICALCVE-2026-31151EXP

CVE-2026-31151: An issue in the login mechanism of Kaleris YMS v7.2.2.1 allows attackers to bypass login verification to access the appl

Trending: 49

HIGHCVE-2026-30613EXP

CVE-2026-30613: An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch (16amp)- WiFi/Bluetooth Enabled Software Ver

Trending: 47

MEDIUMCVE-2026-31067EXP

CVE-2026-31067: A remote command execution (RCE) vulnerability in the /goform/formReleaseConnect component of UTT Aggressive 520W v3v1.7

Trending: 47

HIGHCVE-2025-59440EXP

CVE-2025-59440: An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2

Trending: 47

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 6, 2026

Discovered by ZDM

Apr 6, 2026

Actively Exploited

Apr 6, 2026

Updated: severity, activelyExploited

Apr 6, 2026

Version History

Last enriched 4h ago

v2Tier C4h ago

Updated severity to CRITICAL and marked the vulnerability as actively exploited.

severityactivelyExploited

via VulDB

v15h ago

Initial creation