A vulnerability, which was classified as critical , has been found in ci4-cms-erp ci4ms 0.28.5.0 . This impacts an unknown function. The manipulation leads to improper access controls. This vulnerability is listed as CVE-2026-34570 . The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.