CVE-2026-61463 in shiori
الملخص
بحسب MITRE • 13/07/2026
Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to administrator by submitting a crafted PATCH request with owner: true, then re-authenticate to obtain an admin JWT token granting full system access.
If you want to get best quality of vulnerability data, you may have to visit VulDB.