Spa and Salon, CVE-2026-25374
- CVE, Research URL
- Home page URL
- Application
- Published on
- Feb 19, 2026
- Research Description
- Missing Authorization vulnerability in raratheme Spa and Salon spa-and-salon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spa and Salon: from n/a through <= 1.3.2.
- Affected versions
-
max 1.3.2.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| Spa and Salon (CVE-2024-31384) , Jun 10, 2024 |
| Spa and Salon (CVE-2026-25374) , Mar 30, 2026 |