CVE-2026-7491

HIGH NVD

CVSS Score 8.1

Severity HIGH

Published May 02, 2026

Vendor unknown

Description

School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data.

References

https://www.twcert.org.tw/en/cp-139-10897-64257-2.html
https://www.twcert.org.tw/tw/cp-132-10896-e3240-1.html