TROYANOSYVIRUS
Volver a CVEs

CVE-2026-23550

CRITICAL
10.0

Descripcion

Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1.

Detalles CVE

Puntuacion CVSS v3.110.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado1/14/2026
Ultima modificacion1/14/2026
Fuentenvd
Avistamientos honeypot0

Debilidades (CWE)

CWE-266

Referencias

https://help.modulards.com/en/article/modular-ds-security-release-modular-connector-252-dm3mv0/(audit@patchstack.com)
https://patchstack.com/articles/critical-privilege-escalation-vulnerability-in-modular-ds-plugin-affecting-40k-sites-exploited-in-the-wild/(audit@patchstack.com)
https://patchstack.com/database/wordpress/plugin/modular-connector/vulnerability/wordpress-modular-ds-monitor-update-and-backup-multiple-websites-plugin-2-5-1-privilege-escalation-vulnerability?_s_id=cve(audit@patchstack.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.