CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-39339

ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware (ChurchCRM/Slim/Middleware/AuthMiddleware.php) allows unauthenticated attackers to access all protected API endpoints by including "api/public" anywhere in the request URL, leading to complete exposure of church member data and system information. This vulnerability is fixed in 7.1.0.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.9%

CVSS Severity

CVSS v3 Score 9.1

References

https://github.com/ChurchCRM/CRM/security/advisories/GHSA-v3p2-mx78-pxhc
https://github.com/ChurchCRM/CRM/security/advisories/GHSA-v3p2-mx78-pxhc

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-39339

Products

Pricing

Contact Us