CVE-2026-61463 in shiori
요약
\~에 의해 MITRE • 2026. 07. 13.
Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to administrator by submitting a crafted PATCH request with owner: true, then re-authenticate to obtain an admin JWT token granting full system access.
If you want to get best quality of vulnerability data, you may have to visit VulDB.