CVE-2026-32106
Privilege Escalation via Inconsistent Rank Checks in StudioCMS REST API
Publication date: 2026-03-11
Last updated on: 2026-03-17
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| studiocms | studiocms | up to 0.4.3 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-269 | The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32106 is a vulnerability in StudioCMS versions prior to 0.4.3 caused by inconsistent permission checks between its REST API and Dashboard API when creating user accounts.

The REST API's createUser endpoint only blocks creation of 'owner' accounts by non-owners but fails to prevent an admin from creating additional admin accounts. In contrast, the Dashboard API correctly prevents creating users with ranks equal to or higher than the caller's rank.

This inconsistency allows an admin to create more admin accounts via the REST API, leading to privilege proliferation and persistence. [1]
How can this vulnerability impact me?
This vulnerability allows an attacker with admin-level access to create additional admin accounts through the REST API without proper authorization.
As a result, it enables privilege escalation and persistence, meaning unauthorized users can gain or maintain high-level administrative privileges.
The rated confidentiality, integrity, and availability impacts are each low, but the flaw can still lead to unauthorized administrative control over the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring REST API calls to the createUser endpoint, specifically POST requests to /studiocms_api/rest/v1/secure/users that create new admin accounts.

You can look for suspicious creation of admin users via the REST API by inspecting logs or using network monitoring tools to detect unauthorized privilege escalation attempts.

A suggested command to detect such activity could be using curl or similar tools to test the endpoint with an admin token and attempt to create an admin user, verifying if the request is improperly allowed.

- Example curl command to test the vulnerability:

```shell
curl -X POST https://your-studiocms-instance/studiocms_api/rest/v1/secure/users \
  -H "Authorization: Bearer <admin-token>" \
  -H "Content-Type: application/json" \
  -d '{"username":"testadmin","permissionLevel":"admin"}'
```

If the above request succeeds in creating an admin user without proper authorization errors, the system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade StudioCMS to version 0.4.3 or later, where the REST API implements proper indexOf-based rank comparison to prevent unauthorized creation of admin accounts.
Until the upgrade can be applied, restrict access to the REST API createUser endpoint to only trusted users and monitor API usage closely for suspicious account creations.
Additionally, review and audit existing admin accounts to detect any unauthorized privilege proliferation.
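The two rank checks the advisory contrasts (the pre-0.4.3 REST check that only guards 'owner', and the indexOf-based comparison that refuses any rank equal to or above the caller's), plus an audit pass over existing creation records, as an added JavaScript example that is not StudioCMS's own code. The rank ladder, the function names and the record format are assumptions; the advisory itself names only the 'admin' and 'owner' ranks.

```javascript
// Assumed rank ladder, lowest to highest. Only 'admin' and 'owner' come from
// the advisory; the other entries and the ordering are assumptions.
const RANKS = ["visitor", "editor", "admin", "owner"];

// The REST API check as the advisory describes it before 0.4.3: only the
// 'owner' rank is guarded, so an admin may create further admins.
function restCheckBefore(callerRank, targetRank) {
  if (targetRank === "owner" && callerRank !== "owner") return false;
  return true;
}

// The Dashboard API behaviour, and the indexOf-based comparison the fix
// adopts: refuse any target rank equal to or higher than the caller's rank.
function rankCheckFixed(callerRank, targetRank) {
  const caller = RANKS.indexOf(callerRank);
  const target = RANKS.indexOf(targetRank);
  if (caller === -1 || target === -1) return false; // unknown rank: fail closed
  return target < caller;
}

// Audit helper for the "review existing admin accounts" step: given records of
// who created which account through the REST endpoint, return those the old
// check let through but the fixed check would refuse.
function findPrivilegeProliferation(creations) {
  return creations.filter(
    (c) =>
      restCheckBefore(c.callerRank, c.createdRank) &&
      !rankCheckFixed(c.callerRank, c.createdRank)
  );
}

// Constructed sample records (not real data); only record 2 is an admin
// creating another admin, which is the case this CVE is about.
const SAMPLE_CREATIONS = [
  { id: 1, caller: "alice", callerRank: "owner", created: "bob", createdRank: "admin" },
  { id: 2, caller: "bob", callerRank: "admin", created: "carol", createdRank: "admin" },
  { id: 3, caller: "bob", callerRank: "admin", created: "dave", createdRank: "editor" },
  { id: 4, caller: "bob", callerRank: "admin", created: "eve", createdRank: "owner" },
];

console.log(findPrivilegeProliferation(SAMPLE_CREATIONS).map((c) => c.id)); // [2]
```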