CVE-2026-42160

Summary

Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. This issue has been patched in version 7.3.2.

Affected Software

VendorProductVersion RangeStatus
sovitydataspace-portal>= 2.1.1, < 7.3.2affected

Weaknesses

  • CWE-602: CWE-602: Client-Side Enforcement of Server-Side Security
  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References