CVE-2026-54415

Missing Authorization in the server management routes (routes/admin.php) in Azuriom Azuriom CMS before 1.2.11 on all platforms allows an authenticated attacker with the admin.access permission to create AzLink server tokens and take over non-admin user accounts by changing their passwords and email addresses via crafted HTTP requests to /admin/servers/create and the AzLink API endpoints (/api/azlink/password, /api/azlink/email, /api/azlink/user/{id}).

Configurations

No configuration.

History

17 Jun 2026, 17:17

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-06-17 15:17

Updated : 2026-06-17 17:17


NVD link : CVE-2026-54415

Mitre link : CVE-2026-54415

CVE.ORG link : CVE-2026-54415


Products Affected

No product.

CWE
CWE-269

Improper Privilege Management

CWE-862

Missing Authorization