Main Vulnerability Database Vulnerabilities #VU124044

#VU124044 Missing Authorization in Admidio - CVE-2026-32817

Published: March 16, 2026 / Updated: March 17, 2026

Vulnerability identifier: #VU124044

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2026-32817

CWE-ID: CWE-862

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Admidio

Software vendor:
Admidio

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the documents and files module does not verify whether the current user has permission to delete folders or files. A remote attacker can permanently destroy the entire document library.

Remediation

Install updates from vendor's website.

External links

https://github.com/Admidio/admidio/security/advisories/GHSA-rmpj-3x5m-9m5f

#VU124044 Missing Authorization in Admidio - CVE-2026-32817

Description

Remediation

External links

Please verify you're human