CVE-2026-32106

{"id": "CVE-2026-32106", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2026-03-11T21:16:16.603", "references": [{"url": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-wj56-g96r-673q", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence. This vulnerability is fixed in 0.4.3."}, {"lang": "es", "value": "StudioCMS es un sistema de gesti\u00f3n de contenido sin cabeza, nativo de Astro y renderizado en el lado del servidor. Antes de la versi\u00f3n 0.4.3, el endpoint createUser de la API REST utiliza comprobaciones de rango basadas en cadenas que solo bloquean la creaci\u00f3n de cuentas de propietario, mientras que la API del Panel de Control utiliza una comparaci\u00f3n de rango basada en indexOf que impide la creaci\u00f3n de usuarios con un rango igual o superior al propio. Esta inconsistencia permite a un administrador crear cuentas de administrador adicionales a trav\u00e9s de la API REST, lo que permite la proliferaci\u00f3n y persistencia de privilegios. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 0.4.3."}], "lastModified": "2026-03-17T15:36:52.710", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:studiocms:studiocms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD3D1012-B2EE-465F-8398-96C5B01C1399", "versionEndExcluding": "0.4.3"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}