{"vulnerability": "CVE-2026-12686", "sightings": [{"uuid": "ee88c45c-006d-4aff-8f58-a322a3fc1aaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12686", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116872565768512647", "content": "Adiss Biloop v6.1.1: CRITICAL CVE-2026-12686 enables authenticated users to bypass authorization via manipulated company ID, exposing cross-tenant data. Monitor logs and limit exposure while awaiting patch. https://radar.offseq.com/threat/cve-2026-12686-cwe-639-authorization-bypass-throug-3166bcbbfec7c2c9 #OffSeq #CVE202612686 #infosec #vuln", "creation_timestamp": "2026-07-06T10:30:28.977091Z"}, {"uuid": "2d076412-4c69-48af-8fe1-df13f78fe9e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-12686", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mpxv3qz2ph2g", "content": "CRITICAL vuln in Adiss Biloop v6.1.1: Authenticated users can access and modify other tenants\u2019 data via company ID parameter manipulation. Review and tighten access controls. https://radar.offseq.com/threat/cve-2026-12686-cwe-639-authorization-bypass-throug-3166bcbbfec7c2c9 #OffSeq #CVE202612686 ...", "creation_timestamp": "2026-07-06T10:30:30.845383Z"}, {"uuid": "ea396b7e-fb4c-4c05-90a4-756babfebf53", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12686", "type": "seen", "source": "https://bsky.app/profile/stackflag.bsky.social/post/3mpy2k7rycx2i", "content": "CVE-2026-12686\nAdobe Commerce does not properly check user access to company data, which means an authenticated user could see or change sensitive information from other companies hosted on the same website. This could lead\u2026\n\nToo many irrelevant or confusing CVEs? Use stackflag.com\n\n#CVE #infosec", "creation_timestamp": "2026-07-06T12:08:04.530185Z"}, {"uuid": "b25b96d0-db31-43e0-aa23-11733c5246e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-12686", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mpy2rdjfhx2q", "content": "CVE-2026-12686 - Incorrect authorisation in Adiss\u2019s Biloop\nCVE ID : CVE-2026-12686\n \n Published : July 6, 2026, 11:16 a.m. | 31\u00a0minutes ago\n \n Description : An authenticated user could manipulate a company ID parameter in a POST request to the backend to gain unauthorised acce...", "creation_timestamp": "2026-07-06T12:12:06.065584Z"}]}