logo

Vulnerabilities in MyComplianceOffice MCO software

ID: ac4f267e-c5d1-5cd3-9a81-3dfcdc58335e

STIX ID: report--ac4f267e-c5d1-5cd3-9a81-3dfcdc58335e

Feed Name: CERT Polska

Threat Score
70/100

Date Published: 2026-07-01

Date Updated: 2026-07-02

Author: CERT Polska

...
...

CERT Polska coordinated disclosure reports nine vulnerabilities (CVE-2026-53902 through CVE-2026-53909) in MyComplianceOffice MCO 25.3.3.1 that enable privilege escalation, unauthorized document access (IDOR), account denial-of-service via password reset, ACL exposure, path traversal/file write, stored SVG XSS, user enumeration, and unrestricted dangerous file uploads; vendor contact was unsuccessful and vulnerabilities were confirmed in the cited version.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.