← Zuruck zu CVEs
CVE-2026-41662
MEDIUM5.2
Beschreibung
Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership() does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership() contains this safety check, but the current code path bypasses it. Any administrator can remove the last remaining other administrator, locking the entire system out of administrative access. The exploit does not require concurrent requests; sequential removals produce the same result. This issue has been patched in version 5.0.9.
CVE Details
CVSS v3.1 Bewertung5.2
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienHIGH
BenutzerinteraktionREQUIRED
Veroffentlicht5/7/2026
Zuletzt geandert5/7/2026
Quellenvd
Honeypot-Sichtungen0
Schwachen (CWE)
CWE-754
Referenzen
https://github.com/Admidio/admidio/releases/tag/v5.0.9(security-advisories@github.com)
https://github.com/Admidio/admidio/security/advisories/GHSA-c7xm-r6vj-8vg6(security-advisories@github.com)
https://github.com/Admidio/admidio/security/advisories/GHSA-c7xm-r6vj-8vg6(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.