Security
Researcher details exploited vulnerabilities in Johnson & Johnson web apps
- Category: Security
- Status: discussion
- Sources: Eaton Works, discussion
- Summary: A security researcher published a 2026-06-24 write-up describing access-control and logic flaws found in Johnson & Johnson web applications, with the analysis framed as coordinated research rather than active in-the-wild exploitation. No CVE or vendor advisory is attached to the post.
- Why it matters: It is a reminder that enterprise web-app authorization gaps remain common and are findable through ordinary black-box testing, but it is a single researcher account without vendor confirmation.
- Follow-up: None; no CVE assigned.