Multiple vulnerabilities in Kubysoft Posted date: 16/02/2026 Identificador: INCIBE-2026-116 Importance: 3 - Medium Affected Resources Kubysoft Description INCIBE has coordinated the publication of three medium-severity vulnerabilities affecting Kubysoft, a cloud-based enterprise resource planning (ERP) software platform. The vulnerabilities were discovered by David Padilla Alvarado. These vulnerabilities have been assigned the following codes, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type for each vulnerability: CVE-2025-59904: CVSS v4.0: 5.1 CVE-2025-59905: CVSS v4.0: 4.8 Solution The vulnerabilities have been fixed by the Kubysoft team in the latest version of the software. References List [Kubysoft website] Note: The exploitation value of each vulnerability corresponds to the moment of publication of this notice. This value may have changed over time.