← Back to CVE List
Vulnerability Analysis
RafyMrX TOKO-ONLINE-ROTI missing authentication

CVE-2026-15491

A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is possible to be carried out remotely. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The vendor was contacted early about this disclosure but did not respond in any way.

Authentication Bypass No Active Exploit Signals
CVSS Base Score
6.9
MEDIUM
Exploitability:-
Impact Score:-
Temporal Score:-
EPSS:0.63%

Threat Intelligence Signals

CISA KEV
No
KEV Date Added
Ransomware Use
KEV Due Date
VulnCheck In-the-Wild
No
Nuclei Template
No
EPSS Score
0.627%
EPSS Percentile
45.9th pct
GitHub Severity
MODERATE
SSVC Exploitation
None
SSVC Automatable
Yes
Vulnerability Class
Authentication Bypass

Identity & Timeline

Status-
Assigning Authority-
CVSS Version / Source-
Reserved-
Published-
Patch Date (date_public)-
Exploit DB Date-
First GitHub PoC Date-
Last Updated-
Time to Patch (Days to fix)-
Exploit Release Gap-
PoC Release Gap-
Exploit DB ReferencesNone identified

Affected Products & Versions

Vendor Product Affected Versions
No affected products specified.

References

No reference links found.

LINK COPIED TO CLIPBOARD