CVE-2026-3111

Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (translated as 80x90 and 40x45). Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of all users via a manipulated URL, enabling them to collect user photos en masse. This could lead to these photos being used maliciously to impersonate identities, perform social engineering, link identities across platforms using facial recognition, or even carry out doxxing.

CVSS

No CVSS.

References

Link	Resource
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-educativa-campus

Configurations

No configuration.

History

19 May 2026, 15:41

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad de Referencia Directa Insegura a Objeto (IDOR) en Campus Educativa específicamente en el endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (traducido como 80x90 y 40x45). La explotación exitosa de esta vulnerabilidad podría permitir a un atacante no autenticado acceder a las fotos de perfil de todos los usuarios a través de una URL manipulada, lo que les permitiría recopilar fotos de usuarios masivamente. Esto podría llevar a que estas fotos sean utilizadas maliciosamente para suplantar identidades, realizar ingeniería social, vincular identidades entre plataformas utilizando reconocimiento facial, o incluso llevar a cabo doxxing.

16 Mar 2026, 14:19

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-16 14:19

Updated : 2026-05-19 15:41

NVD link : CVE-2026-3111

Mitre link : CVE-2026-3111

CVE.ORG link : CVE-2026-3111

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

{"id": "CVE-2026-3111", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-16T14:19:47.090", "references": [{"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-educativa-campus", "source": "cve-coordination@incibe.es"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Insecure Direct Object Reference (IDOR) vulnerability in Campus Educativa specifically at the endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (translated as 80x90 and 40x45). Successful exploitation of this vulnerability could allow an unauthenticated attacker to access the profile photos of all users via a manipulated URL, enabling them to collect user photos en masse. This could lead to these photos being used maliciously to impersonate identities, perform social engineering, link identities across platforms using facial recognition, or even carry out doxxing."}, {"lang": "es", "value": "Vulnerabilidad de Referencia Directa Insegura a Objeto (IDOR) en Campus Educativa espec\u00edficamente en el endpoint '/archivos/usuarios/[ID]/[username]/thumb_AAxAA.jpg' (traducido como 80x90 y 40x45). La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante no autenticado acceder a las fotos de perfil de todos los usuarios a trav\u00e9s de una URL manipulada, lo que les permitir\u00eda recopilar fotos de usuarios masivamente. Esto podr\u00eda llevar a que estas fotos sean utilizadas maliciosamente para suplantar identidades, realizar ingenier\u00eda social, vincular identidades entre plataformas utilizando reconocimiento facial, o incluso llevar a cabo doxxing."}], "lastModified": "2026-05-19T15:41:54.553", "sourceIdentifier": "cve-coordination@incibe.es"}