Vulnerability-Lookup

CVE-2026-32106 (GCVE-0-2026-32106)

Vulnerability from cvelistv5 – Published: 2026-03-11 20:09 – Updated: 2026-03-12 19:48

Title

StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts

Summary

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence. This vulnerability is fixed in 0.4.3.

Severity ?

4.7 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-269 - Improper Privilege Management

Assigner

GitHub_M

References

URL

Tags

https://github.com/withstudiocms/studiocms/securi…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	withstudiocms	studiocms	Affected: < 0.4.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-32106",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-12T19:48:27.305162Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-12T19:48:33.042Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "studiocms",
          "vendor": "withstudiocms",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.4.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence. This vulnerability is fixed in 0.4.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "CWE-269: Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T20:09:12.095Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-wj56-g96r-673q",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-wj56-g96r-673q"
        }
      ],
      "source": {
        "advisory": "GHSA-wj56-g96r-673q",
        "discovery": "UNKNOWN"
      },
      "title": "StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-32106",
    "datePublished": "2026-03-11T20:09:12.095Z",
    "dateReserved": "2026-03-10T22:02:38.854Z",
    "dateUpdated": "2026-03-12T19:48:33.042Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-32106\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-11T21:16:16.603\",\"lastModified\":\"2026-03-17T15:36:52.710\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence. This vulnerability is fixed in 0.4.3.\"},{\"lang\":\"es\",\"value\":\"StudioCMS es un sistema de gesti\u00f3n de contenido sin cabeza, nativo de Astro y renderizado en el lado del servidor. Antes de la versi\u00f3n 0.4.3, el endpoint createUser de la API REST utiliza comprobaciones de rango basadas en cadenas que solo bloquean la creaci\u00f3n de cuentas de propietario, mientras que la API del Panel de Control utiliza una comparaci\u00f3n de rango basada en indexOf que impide la creaci\u00f3n de usuarios con un rango igual o superior al propio. Esta inconsistencia permite a un administrador crear cuentas de administrador adicionales a trav\u00e9s de la API REST, lo que permite la proliferaci\u00f3n y persistencia de privilegios. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 0.4.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":4.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:studiocms:studiocms:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.4.3\",\"matchCriteriaId\":\"BD3D1012-B2EE-465F-8398-96C5B01C1399\"}]}]}],\"references\":[{\"url\":\"https://github.com/withstudiocms/studiocms/security/advisories/GHSA-wj56-g96r-673q\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-32106\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-12T19:48:27.305162Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-12T19:48:30.362Z\"}}], \"cna\": {\"title\": \"StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts\", \"source\": {\"advisory\": \"GHSA-wj56-g96r-673q\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"withstudiocms\", \"product\": \"studiocms\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 0.4.3\"}]}], \"references\": [{\"url\": \"https://github.com/withstudiocms/studiocms/security/advisories/GHSA-wj56-g96r-673q\", \"name\": \"https://github.com/withstudiocms/studiocms/security/advisories/GHSA-wj56-g96r-673q\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence. This vulnerability is fixed in 0.4.3.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-269\", \"description\": \"CWE-269: Improper Privilege Management\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-11T20:09:12.095Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-32106\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-12T19:48:33.042Z\", \"dateReserved\": \"2026-03-10T22:02:38.854Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-11T20:09:12.095Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-WJ56-G96R-673Q

Vulnerability from github – Published: 2026-03-12 14:49 – Updated: 2026-03-12 14:49

Summary

StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts

Details

Summary

The REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence.

Details

The REST API handler in packages/studiocms/frontend/pages/studiocms_api/_handlers/rest-api/v1/secure.ts:1365-1378:

// REST API — only blocks creating 'owner'
if (newUserRank === 'owner' && rank !== 'owner') {
    return yield* new RestAPIError({
        error: 'Unauthorized to create user with owner rank',
    });
}

if (rank === 'admin' && newUserRank === 'owner') {
    return yield* new RestAPIError({
        error: 'Unauthorized to create user with owner rank',
    });
}

// Missing: no check preventing admin from creating admin
// newUserRank='admin' passes all checks

The Dashboard API handler in _handlers/dashboard/create.ts uses the correct approach:

// Dashboard API — blocks creating users at or above own rank
const callerPerm = availablePermissionRanks.indexOf(userData.permissionLevel);
const targetPerm = availablePermissionRanks.indexOf(rank);

if (targetPerm >= callerPerm) {
    return yield* new DashboardAPIError({
        error: 'Unauthorized: insufficient permissions to assign target rank',
    });
}

With availablePermissionRanks = ['unknown', 'visitor', 'editor', 'admin', 'owner']: - Admin (index 3) creating admin (index 3): 3 >= 3 = blocked in Dashboard - In REST API: no such check — allowed

PoC

# 1. Use an admin-level API token

# 2. Create a new admin user via REST API
curl -X POST 'http://localhost:4321/studiocms_api/rest/v1/secure/users' \
  -H 'Authorization: Bearer <admin-api-token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "username": "rogue_admin",
    "email": "rogue@attacker.com",
    "displayname": "Rogue Admin",
    "rank": "admin",
    "password": "StrongP@ssw0rd123"
  }'

# Expected: 403 Forbidden (admin should not create peer admin accounts)
# Actual: 200 with new admin user created

Impact

A compromised or rogue admin can create additional admin accounts as persistence mechanisms that survive password resets or token revocations
Inconsistent security model between Dashboard API and REST API creates confusion about intended authorization boundaries
Note: requires admin access (PR:H), which limits practical severity

Recommended Fix

Replace string-based checks with indexOf comparison in packages/studiocms/frontend/pages/studiocms_api/_handlers/rest-api/v1/secure.ts:

// Before:
if (newUserRank === 'owner' && rank !== 'owner') { ... }
if (rank === 'admin' && newUserRank === 'owner') { ... }

// After:
const availablePermissionRanks = ['unknown', 'visitor', 'editor', 'admin', 'owner'];
const callerPerm = availablePermissionRanks.indexOf(rank);
const targetPerm = availablePermissionRanks.indexOf(newUserRank);

if (targetPerm >= callerPerm) {
    return yield* new RestAPIError({
        error: 'Unauthorized: insufficient permissions to assign target rank',
    });
}

Severity ?

4.7 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 0.4.2"
      },
      "package": {
        "ecosystem": "npm",
        "name": "studiocms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-32106"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-12T14:49:48Z",
    "nvd_published_at": "2026-03-11T21:16:16Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nThe REST API `createUser` endpoint uses string-based rank checks that only block creating `owner` accounts, while the Dashboard API uses `indexOf`-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence.\n\n## Details\n\nThe REST API handler in `packages/studiocms/frontend/pages/studiocms_api/_handlers/rest-api/v1/secure.ts:1365-1378`:\n\n```typescript\n// REST API \u2014 only blocks creating \u0027owner\u0027\nif (newUserRank === \u0027owner\u0027 \u0026\u0026 rank !== \u0027owner\u0027) {\n    return yield* new RestAPIError({\n        error: \u0027Unauthorized to create user with owner rank\u0027,\n    });\n}\n\nif (rank === \u0027admin\u0027 \u0026\u0026 newUserRank === \u0027owner\u0027) {\n    return yield* new RestAPIError({\n        error: \u0027Unauthorized to create user with owner rank\u0027,\n    });\n}\n\n// Missing: no check preventing admin from creating admin\n// newUserRank=\u0027admin\u0027 passes all checks\n```\n\nThe Dashboard API handler in `_handlers/dashboard/create.ts` uses the correct approach:\n\n```typescript\n// Dashboard API \u2014 blocks creating users at or above own rank\nconst callerPerm = availablePermissionRanks.indexOf(userData.permissionLevel);\nconst targetPerm = availablePermissionRanks.indexOf(rank);\n\nif (targetPerm \u003e= callerPerm) {\n    return yield* new DashboardAPIError({\n        error: \u0027Unauthorized: insufficient permissions to assign target rank\u0027,\n    });\n}\n```\n\nWith `availablePermissionRanks = [\u0027unknown\u0027, \u0027visitor\u0027, \u0027editor\u0027, \u0027admin\u0027, \u0027owner\u0027]`:\n- Admin (index 3) creating admin (index 3): `3 \u003e= 3` = blocked in Dashboard\n- In REST API: no such check \u2014 allowed\n\n## PoC\n\n```bash\n# 1. Use an admin-level API token\n\n# 2. Create a new admin user via REST API\ncurl -X POST \u0027http://localhost:4321/studiocms_api/rest/v1/secure/users\u0027 \\\n  -H \u0027Authorization: Bearer \u003cadmin-api-token\u003e\u0027 \\\n  -H \u0027Content-Type: application/json\u0027 \\\n  -d \u0027{\n    \"username\": \"rogue_admin\",\n    \"email\": \"rogue@attacker.com\",\n    \"displayname\": \"Rogue Admin\",\n    \"rank\": \"admin\",\n    \"password\": \"StrongP@ssw0rd123\"\n  }\u0027\n\n# Expected: 403 Forbidden (admin should not create peer admin accounts)\n# Actual: 200 with new admin user created\n```\n\n## Impact\n\n- A compromised or rogue admin can create additional admin accounts as persistence mechanisms that survive password resets or token revocations\n- Inconsistent security model between Dashboard API and REST API creates confusion about intended authorization boundaries\n- Note: requires admin access (PR:H), which limits practical severity\n\n## Recommended Fix\n\nReplace string-based checks with `indexOf` comparison in `packages/studiocms/frontend/pages/studiocms_api/_handlers/rest-api/v1/secure.ts`:\n\n```typescript\n// Before:\nif (newUserRank === \u0027owner\u0027 \u0026\u0026 rank !== \u0027owner\u0027) { ... }\nif (rank === \u0027admin\u0027 \u0026\u0026 newUserRank === \u0027owner\u0027) { ... }\n\n// After:\nconst availablePermissionRanks = [\u0027unknown\u0027, \u0027visitor\u0027, \u0027editor\u0027, \u0027admin\u0027, \u0027owner\u0027];\nconst callerPerm = availablePermissionRanks.indexOf(rank);\nconst targetPerm = availablePermissionRanks.indexOf(newUserRank);\n\nif (targetPerm \u003e= callerPerm) {\n    return yield* new RestAPIError({\n        error: \u0027Unauthorized: insufficient permissions to assign target rank\u0027,\n    });\n}\n```",
  "id": "GHSA-wj56-g96r-673q",
  "modified": "2026-03-12T14:49:48Z",
  "published": "2026-03-12T14:49:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-wj56-g96r-673q"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32106"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/withstudiocms/studiocms"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts"
}

FKIE_CVE-2026-32106

Vulnerability from fkie_nvd - Published: 2026-03-11 21:16 - Updated: 2026-03-17 15:36

Severity ?

4.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/withstudiocms/studiocms/security/advisories/GHSA-wj56-g96r-673q	Exploit, Vendor Advisory

Impacted products

	Vendor	Product	Version
	studiocms	studiocms	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:studiocms:studiocms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3D1012-B2EE-465F-8398-96C5B01C1399",
              "versionEndExcluding": "0.4.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence. This vulnerability is fixed in 0.4.3."
    },
    {
      "lang": "es",
      "value": "StudioCMS es un sistema de gesti\u00f3n de contenido sin cabeza, nativo de Astro y renderizado en el lado del servidor. Antes de la versi\u00f3n 0.4.3, el endpoint createUser de la API REST utiliza comprobaciones de rango basadas en cadenas que solo bloquean la creaci\u00f3n de cuentas de propietario, mientras que la API del Panel de Control utiliza una comparaci\u00f3n de rango basada en indexOf que impide la creaci\u00f3n de usuarios con un rango igual o superior al propio. Esta inconsistencia permite a un administrador crear cuentas de administrador adicionales a trav\u00e9s de la API REST, lo que permite la proliferaci\u00f3n y persistencia de privilegios. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 0.4.3."
    }
  ],
  "id": "CVE-2026-32106",
  "lastModified": "2026-03-17T15:36:52.710",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2026-03-11T21:16:16.603",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-wj56-g96r-673q"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-269"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-32106 (GCVE-0-2026-32106)

GHSA-WJ56-G96R-673Q

Summary

Details

PoC

Impact

Recommended Fix

FKIE_CVE-2026-32106

Tags

Sightings

Nomenclature