CVE-2026-35063 — OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying — CVE Database · The Intelligence Room