A vulnerability, which was classified as critical , was found in CodeAstro Leave Management System 1.0 . Affected is an unknown function of the file /admin/delete_leave_type.php . The manipulation of the argument leave_type results in sql injection. This vulnerability is identified as CVE-2026-11507 . The attack can be executed remotely. Additionally, an exploit exists.