CVE-2026-61463 in shioriالمعلومات

الملخص

بحسب MITRE • 13/07/2026

Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to administrator by submitting a crafted PATCH request with owner: true, then re-authenticate to obtain an admin JWT token granting full system access.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

مسؤول

VulnCheck

حجز

09/07/2026

إفشاء

13/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-378138

EPSS

0.00000

KEV

لا

النشاطات

منخفض

المصادر

Interested in the pricing of exploits?

See the underground prices here!