Vulnerability Summary

TVN Number: TVN-202601011 CVE Identifier: CVE-2026-1514 CVSS Score: 6.5 (Medium) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Product

Vendor: 2100 Technology Product: Official Document Management System Affected Versions: 5.0.77 through 5.0.98 Patched Version: 5.0.98.23 or later

Vulnerability Details

The Official Document Management System by 2100 Technology contains an authorization flaw that enables authenticated users to circumvent access controls. By modifying front-end code, remote attackers with valid credentials can access all official documents they shouldn’t be authorized to view.

Vulnerability Type: Incorrect Authorization Attack Vector: Network Privileges Required: Low (authenticated user) User Interaction: None

Impact

The vulnerability poses a significant confidentiality risk due to the broad scope of potentially exposed information. Authenticated attackers can bypass authorization controls to view sensitive official documents across the system.

Remediation

Update to version 5.0.98.23 or later.

Timeline

• Public Disclosure: January 28, 2026

References

• TWCERT/CC Advisory
• CVE-2026-1514

Metadata

• Source: TWCERT/CC
• Feed ID: rss-139
• Language: English
• Confidence: High