OpenCode Systems OC Messaging USSD Gateway Broken Access Control Vulnerability Allowing Unauthorized SMS Access

Vulnerability

A broken access control vulnerability has been identified in OpenCode Systems OC Messaging / USSD Gateway version 6.32.2. This vulnerability allows authenticated low-privileged attackers to access arbitrary SMS messages by manipulating a company or tenant identifier parameter in HTTP requests. The issue arises in the web-based control panel, leading to unauthorized access to sensitive authentication data, including one-time passwords (OTP) used for account recovery and login verification in a multi-tenant environment.

Impact

Exploitation of this vulnerability allows cross-tenant access to SMS and OTP messages, potentially leading to account compromise and unauthorized access in a multi-tenant environment.

Added: Mar 5, 2026, 9:25 PM

Updated: Mar 5, 2026, 9:25 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.8

remediation

0.0

relevance

3.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenCode Systems OC Messaging USSD Gateway Broken Access Control Vulnerability Allowing Unauthorized SMS Access

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating