CVE-2026-23550
Privilege Escalation via Incorrect Privilege Assignment in Modular DS
Publication date: 2026-01-14
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | modular_ds | to 2.5.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Incorrect Privilege Assignment in Modular DS that allows an attacker to escalate their privileges. It affects versions up to 2.5.1 and can enable unauthorized users to gain higher-level access than intended.
How can this vulnerability impact me?
The vulnerability can lead to privilege escalation, allowing attackers to gain full control over the affected system. This can result in complete compromise, including unauthorized data access, modification, and disruption of services.
What immediate steps should I take to mitigate this vulnerability?
Users are strongly advised to apply Patchstack's mitigation rule immediately to block attacks exploiting this vulnerability until an official fix becomes available. Since no official patch has been released as of January 14, 2026, applying this mitigation is the recommended immediate step to protect your website. [1]