A vulnerability classified as critical was found in SourceCodester Water Billing Management System 1.0 . This issue affects some unknown processing of the file /classes/Users.php?f=save of the component User Management Endpoint . Such manipulation leads to improper authorization. This vulnerability is traded as CVE-2026-10236 . The attack may be launched remotely. Furthermore, there is an exploit available.