Missing Authorization in Admidio - CVE-2026-32817

 


Published: March 16, 2026 / Updated: March 17, 2026


Vulnerability identifier: #VU124044
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2026-32817
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Admidio
Affected software: Admidio

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the documents and files module does not verify whether the current user has permission to delete folders or files. A remote attacker can permanently destroy the entire document library.


How to mitigate CVE-2026-32817

Install updates from the vendor's website.
