CRITICALCVE-2026-31071Published 2026-05-19Modified 2026-05-20CNA mitre

CVE-2026-31071: API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware

API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt password hashes) via /api/user/getUserData, modify drug inventory, and access private medical prescription data via /api/doctorOder.

CVSS v3.1: 9.1
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

github.com
gist.github.com

Metrics