CVE-2026-10876

Description

A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.

Overview

State: PUBLISHED
Assigner (CNA): VulDB
CVSS severity: MEDIUM
CVSS score: 5.3 / 10
CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Effective score: 5.3 / 10 MEDIUM source: CNA overview
CWE(s): CWE-285, CWE-266
Reserved: 2026-06-04
Published: 2026-06-04 23:30 UTC
Last updated: 2026-06-04 23:30 UTC
Source: https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/10xxx/CVE-2026-10876.json

NVD triage scoring NVD CVE 2.0

Layer NVD adds on top of the CNA's CVE record — published / last-modified timestamps, exploitability / impact subscores, and the FIRST.org EPSS probability that this CVE will be exploited in the wild in the next 30 days.

NVD published: 2026-06-05 00:16:59 UTC
NVD last modified: 2026-06-05 00:16:59 UTC
NVD CVSS v3.1: 6.3 / 10 MEDIUM source: cna@vuldb.com
NVD CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability subscore: 2.8 / 10
Impact subscore: 3.4 / 10

European Union Vulnerability Database ENISA EUVD

ENISA's official EU repository for curated vulnerability intelligence. Carries a separate identifier (EUVD-YYYY-NNNN) and frequently exposes an earlier-published description + CVSS than NVD does.

EUVD ID: EUVD-2026-34772

EUVD enrichment is queued; refresh the page in a few seconds.

Affected products (1)

Vendor	Product	Versions	Platforms
SourceCodester	Ship Ferry Ticket Reservation System	`1.0` (affected)	—

Remediations (10)

Microsoft and Adobe Patch Tuesday, May 2026 Security Update Review

web:blog.qualys.com

May 2026's Patch Tuesday arrives with Microsoft addressing a fresh set of vulnerabilities across its ecosystem, reinforcing the ongoing need for timely patching in an increasingly threat-heavy…

2026-06-05 02:39 UTC
Microsoft Patch Tuesday May 2026 - 120 Vulnerabilities Fixed, Including ...

web:cybersecuritynews.com

Microsoft's May 2026 Patch Tuesday lands with a heavy enterprise focus, fixing 120 vulnerabilities across Windows, Office, Azure, developer tools, and Microsoft 365 apps, including 29 remote code execution (RCE) flaws rated Critical.

2026-06-05 02:39 UTC
Security Update Guide - Microsoft

web:portal.msrc.microsoft.com

The Security Update Guide provides information on the latest Microsoft security updates, helping users understand and address potential vulnerabilities effectively.

2026-06-05 02:39 UTC
Landing Page | ServiceNow Common Vulnerabilities & Exposures (CVE ...

web:support.servicenow.com

Overview The advisories below document publicly disclosed Common Vulnerabilities and Exposures ( CVEs ) in the Now Platform by ServiceNow. Because ServiceNow uses various methods to communicate vulnerability information, patches, and other fixes, customers should review family, security patch , and hotfix release notes, which are available at https://docs.servicenow.com, for a complete list of ...

2026-06-05 02:39 UTC
Microsoft March 2026 Patch Tuesday fixes 2 zero-days, 79 flaws

web:www.bleepingcomputer.com

Today is Microsoft's March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities.

2026-06-05 02:39 UTC
Oracle Critical Patch Update Advisory - April 2026

web:www.oracle.com

This Critical Patch Update contains 481 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at April 2026 Critical Patch Update: Executive Summary and Analysis.

2026-06-05 02:39 UTC
Patch Tuesday May 2026 - PDQ

web:www.pdq.com

May 2026 Patch Tuesday is here, and PDQ is back with another recap. Will we see another month of increased CVE volume? Is AI to blame? Dive in to learn more.

2026-06-05 02:39 UTC
Quantifying 2026 Routinely Targeted Vulnerabilities (So Far)

web:www.vulncheck.com

VulnCheck identified 25 CVEs disclosed in 2026 that have been routinely targeted by adversaries and researchers so far this year, drawing from a global body of exploit code and exploitation data.

2026-06-05 02:39 UTC
Windows 11 April 2026 Update tested: What's new, improved and fixed

web:www.windowslatest.com

Windows 11 April 2026 update adds Narrator Copilot support, faster Settings, File Explorer fixes, and key security improvements.

2026-06-05 02:39 UTC
Patch Tuesday June 2026: Security Updates & CVE Analysis

web:zecurit.com

Get the complete breakdown of Microsoft's June 2026 Patch Tuesday. We analyze the latest security updates and all critical CVEs .

2026-06-05 02:39 UTC

Vendor references (6)

References embedded in the original CVE record by the assigning CNA.

VDB-368366 | SourceCodester Ship Ferry Ticket Reservation System admin improper authorization vdb-entrytechnical-description
VDB-368366 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
CVE-2026-10876 | CVE Analysis and Report third-party-advisory
Submit #831870 | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Broken Access Control third-party-advisory
https://medium.com/@hemantrajbhati5555/missing-authorization-in-sourcecodester-ship-ferry-ticket-reservation-system-leads-to-unauthorized-7783134d6596 broken-linkexploit
https://www.sourcecodester.com/ product

MITRE references (6) cveawg.mitre.org

Pulled from MITRE's CVE Services API by the 🛰 Backfill from MITRE button.

https://medium.com/@hemantrajbhati5555/missing-authorization-in-sourcecodester-ship-ferry-ticket-reservation-system-leads-to-unauthorized-7783134d6596 broken-link, exploit
CVE-2026-10876 | CVE Analysis and Report third-party-advisory
Submit #831870 | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Broken Access Control third-party-advisory
VDB-368366 | SourceCodester Ship Ferry Ticket Reservation System admin improper authorization vdb-entry, technical-description
VDB-368366 | CTI Indicators (IOB, IOC, TTP, IOA) signature, permissions-required
https://www.sourcecodester.com/ product

Web references (0)

DuckDuckGo results ranked by threat-intel / vendor advisory domains. Generated by the 🔎 Find references (web) button above — same flow as the Remediations search.

No web references attached yet.

NVD-tagged references (6)

Reference list NVD curates from the CNA record, vendor advisories, and third-party reports. The tag chips below are NVD's analyst-assigned categories.

https://medium.com/@hemantrajbhati5555/missing-authorization-in-sourcecodester-ship-ferry-ticket-reservation-system-leads-to-unauthorized-7783134d6596 cna@vuldb.com
https://vuldb.com/cve/CVE-2026-10876 cna@vuldb.com
https://vuldb.com/submit/831870 cna@vuldb.com
https://vuldb.com/vuln/368366 cna@vuldb.com
https://vuldb.com/vuln/368366/cti cna@vuldb.com
https://www.sourcecodester.com/ cna@vuldb.com

AI Forensic Analysis

Only Available for Registered Users. Sign in to view.

Raw JSON

The full cvelistV5 record. Download as CVE-2026-10876.json.

{
  "containers": {
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:sourcecodester:ship_ferry_ticket_reservation_system:*:*:*:*:*:*:*:*"
          ],
          "product": "Ship Ferry Ticket Reservation System",
          "vendor": "SourceCodester",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Hemant Raj Bhati (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "Incorrect Privilege Assignment",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-04T23:30:10.693Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-368366 | SourceCodester Ship Ferry Ticket Reservation System admin improper authorization",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/vuln/368366"
        },
        {
          "name": "VDB-368366 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/vuln/368366/cti"
        },
        {
          "name": "CVE-2026-10876 | CVE Analysis and Report",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/cve/CVE-2026-10876"
        },
        {
          "name": "Submit #831870 | SourceCodester Ship/Ferry Ticket Reservation System 1.0 Broken Access Control",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/submit/831870"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://medium.com/@hemantrajbhati5555/missing-authorization-in-sourcecodester-ship-ferry-ticket-reservation-system-leads-to-unauthorized-7783134d6596"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.sourcecodester.com/"
        }
      ],
      "tags": [
        "x_freeware"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-04T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-06-04T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-06-04T17:42:16.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "SourceCodester Ship Ferry Ticket Reservation System admin improper authorization"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2026-10876",
    "datePublished": "2026-06-04T23:30:10.693Z",
    "dateReserved": "2026-06-04T15:37:09.025Z",
    "dateUpdated": "2026-06-04T23:30:10.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}