CVE-2026-8077 is a missing authorization vulnerability in the CashDro 3 web administration panel (version 24.01.00.26) that allows an unauthenticated or low-privileged attacker to gain full administrative control by submitting a client-controlled Permissions field. No vendor patch has been confirmed as of the source data publication date. Organizations running this POS management interface with network-accessible admin panels should restrict access immediately.