cvedb.io
CVE-2022-26317
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2022-03-08T12:15:11.873 · Last modified 2026-06-17T04:34:58.007

Summary

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.29). When returning the result of a completed Microflow execution call, the affected framework does not correctly verify whether the request was initially made by the user requesting the result. Together with predictable identifiers for Microflow execution calls, this could allow a malicious attacker to retrieve information about arbitrary Microflow execution calls made by users within the affected system.

Affected products

mendix — mendix

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.