CVE-2026-39910 — STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary — CVE Database · The Intelligence Room