CVE-2026-61463 in shiori정보

요약

\~에 의해 MITRE • 2026. 07. 13.

Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to administrator by submitting a crafted PATCH request with owner: true, then re-authenticate to obtain an admin JWT token granting full system access.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

책임이 있는

VulnCheck

예약하다

2026. 07. 09.

모더레이션

수락

항목

VDB-378138

EPSS

0.00000

활동

낮음

출처

Do you want to use VulDB in your project?

Use the official API to access entries easily!