Login Sign Up

CVE-2026-1597

6.3 MEDIUM
Authentication Bypass

📋 TL;DR

This vulnerability in Bdtask SalesERP allows attackers to bypass authorization controls by manipulating the ci_session parameter on administrative endpoints. It affects all versions up to 20260116, enabling unauthorized access to administrative functions. Remote attackers can exploit this to gain elevated privileges within the application.

💻 Affected Systems

Products:
  • Bdtask SalesERP
Versions: All versions up to and including 20260116
Operating Systems: Any OS running SalesERP
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the administrative endpoint component specifically; requires the application to be deployed and accessible.

📦 What is this software?

Saleserp by Bdtask

View all CVEs affecting Saleserp →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete administrative takeover of the SalesERP system, allowing data theft, system modification, or deployment of additional malware.

🟠

Likely Case

Unauthorized access to administrative functions, potentially leading to data exposure, configuration changes, or privilege escalation.

🟢

If Mitigated

Limited impact if proper network segmentation and access controls prevent external access to administrative interfaces.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available on GitHub and other sources; requires some authentication but bypasses authorization checks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Monitor vendor channels for updates. Consider upgrading to any version released after 20260116 if available.

🔧 Temporary Workarounds

Restrict Administrative Endpoint Access

linux

Block external access to administrative endpoints using firewall rules or web application firewalls.

iptables -A INPUT -p tcp --dport [admin_port] -j DROP
ufw deny [admin_port]

Implement Session Validation

all

Add server-side validation for ci_session parameters to ensure proper authorization checks.

🧯 If You Can't Patch

  • Isolate the SalesERP instance behind a VPN or internal network only.
  • Implement strict access controls and monitor for unauthorized administrative access attempts.

🔍 How to Verify

Check if Vulnerable:

Test if manipulating ci_session parameter on administrative endpoints bypasses authorization. Check application version against affected range.

Check Version:

Check SalesERP version in application interface or configuration files.

Verify Fix Applied:

Verify that ci_session manipulation no longer allows unauthorized access to administrative functions.

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrative access patterns
  • Failed authorization attempts followed by successful access with modified parameters

Network Indicators:

  • Requests to administrative endpoints with manipulated ci_session parameters

SIEM Query:

source="saleserp_logs" AND (uri="*/admin*" OR uri="*/administrative*") AND (param="ci_session" OR contains(param, "ci_session"))

📊 Metadata

CVE ID: CVE-2026-1597
CVSS v3 Score: 6.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE: CWE-266
EPSS Score: 0.04% exploit probability (12.1th percentile)
Published: January 29, 2026
Last Updated: February 20, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-1597, you might also want to check these:

CVE-2026-23800 10.0

This vulnerability allows attackers to escalate privileges in Modular DS modular-connector WordPress...

Same vulnerability type (CWE-266)
CVE-2026-23550 10.0

This critical vulnerability in Modular DS allows attackers to escalate privileges due to incorrect p...

Same vulnerability type (CWE-266)
CVE-2025-41115 10.0

A critical vulnerability in Grafana's SCIM provisioning allows malicious SCIM clients to provision u...

Same vulnerability type (CWE-266)