AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-5387: The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simula

infovulnerability

security

Source: NVD/CVE DatabaseApril 15, 2026CVE-2026-5387

Summary

CVE-2026-5387 is a critical vulnerability that allows unauthenticated attackers to bypass access controls and perform actions normally restricted to administrator roles (Simulator Instructor or Simulator Developer), potentially leading to privilege escalation (unauthorized elevation of access level) and unauthorized changes to simulation parameters, training configuration, and training records. The vulnerability has a CVSS score (0-10 severity rating) of 9.3, classified as critical. The flaw stems from missing authorization checks in the affected software.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Disclosure Date

April 15, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-862

CAPEC (Attack Pattern)

CAPEC-122

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-5387

First tracked: April 15, 2026 at 02:09 PM

Classified by LLM (prompt v3) · confidence: 95%