• Category: Security
  • Status: discussion
  • Sources: Eaton Works, discussion
  • Summary: A security researcher published a 2026-06-24 write-up describing access-control and logic flaws found in Johnson & Johnson web applications, with the analysis framed as coordinated research rather than active in-the-wild exploitation. No CVE or vendor advisory is attached to the post.
  • Why it matters: It is a reminder that enterprise web-app authorization gaps remain common and are findable through ordinary black-box testing, but it is a single researcher account without vendor confirmation.
  • Follow-up: None; no CVE assigned.

Send feedback on this story