Product
An Insecure Direct Object Reference (IDOR) vulnerability, CVE-2026-49464, in NL Portal's Taak V2 implementation (versions 1.5.0 through 3.0.0) allows authenticated attackers to mark other users' tasks as complete, overwrite submitted data, and leak personal information by exploiting an authorization bypass in the `submitTaakV2` GraphQL endpoint.