Product
An authorization bypass vulnerability, CVE-2026-63085, in Axelor Open Platform versions 8.x prior to 8.2.2 allows authenticated non-admin users to exploit unenforced field restrictions during nested relational save operations to modify sensitive user record fields like roles and groups, thereby escalating privileges to administrative levels.