CVE-2026-32106 in studiocmsinfo

Zusammenfassung

von MITRE • 12.03.2026

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence. This vulnerability is fixed in 0.4.3.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

10.03.2026

Veröffentlichung

12.03.2026

Moderieren

akzeptiert

Eintrag

VDB-350641

CPE

bereit

CWE

CWE-269 (bestätigt)

CVSS

7.2 (NVD)

EPSS

0.00025

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-32106
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-32106
CVE Details	https://www.cvedetails.com/cve/CVE-2026-32106/

◂ Zurück Übersicht Weiter ▸

Want to know what is going to be exploited?

We predict KEV entries!