CVE-2026-41663

LOW SEVERITY

CVSS Score & Metrics

Base Score

3.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L                                    

Vulnerability Description

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module (database backup, test email, htaccess generation) fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GET navigations, an attacker forces an authenticated admin to trigger these actions from a malicious page. This issue has been patched in version 5.0.9.

Vulnerability Details

Published Date

April 29, 2026

Last Modified

May 07, 2026

CWE ID

CWE-352

Source

GitHub

Vendor

composer

Product

admidio/admidio

External References

https://github.com/Admidio/admidio/security/advisories/GHSA-rw74-vc9h-534j
https://github.com/advisories/GHSA-rw74-vc9h-534j

CVE-2026-41663

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment