CVE advisoryCRITICAL
CVE-2025-26201
GreaterWMS Credential Disclosure and Privilege Escalation Vulnerability
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical credential disclosure vulnerability in GreaterWMS's `/staff` route allows unauthenticated remote attackers to bypass authentication and escalate privileges. This could lead to unauthorized access and control of system data. Confirming if GreaterWMS is in use is the immediate priority.