Improper Authorization in Pimcore Studio Backend bundle - CVE-2026-55212
Published: June 29, 2026
Pimcore Studio Backend bundle
Detailed vulnerability description
The vulnerability allows a remote user to escalate privileges.
The vulnerability exists due to improper authorization in the Studio API endpoint that handles class definition creation requests. A remote user can send a crafted request to create class definitions and escalate privileges.
The issue can be exploited by authenticated users with the standard objects permission, even though the operation should be restricted to class-management functionality.
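For reviewing an installation after patching, the check below flags class definitions created by accounts that the intended rule would have denied. It is an added example, not code from the advisory or from Pimcore. The event and user record layout, the action names, the account names and the `classes` permission key are assumptions, and all sample data is constructed.

```python
# Constructed sample data: the field names, account names and the "classes"
# permission key are assumptions for this example, not values from the advisory.
CLASS_MGMT_PERMISSION = "classes"   # assumed key for class-management rights
OBJECTS_PERMISSION = "objects"      # the permission the advisory says was sufficient

USERS = {
    "alice": {"admin": False, "permissions": {"objects", "classes"}},
    "bob": {"admin": False, "permissions": {"objects", "assets"}},
    "carol": {"admin": True, "permissions": set()},
}

EVENTS = [
    {"time": "2026-06-20T09:14:02Z", "user": "alice", "action": "class_definition.create", "target": "Product"},
    {"time": "2026-06-21T17:40:55Z", "user": "bob", "action": "class_definition.create", "target": "Voucher"},
    {"time": "2026-06-22T08:03:10Z", "user": "bob", "action": "data_object.update", "target": "/products/1"},
    {"time": "2026-06-23T11:27:31Z", "user": "carol", "action": "class_definition.create", "target": "Store"},
    {"time": "2026-06-24T02:12:44Z", "user": "mallory", "action": "class_definition.create", "target": "Temp"},
]


def may_manage_classes(user):
    """Intended rule: only admins or holders of the class-management permission."""
    return user["admin"] or CLASS_MGMT_PERMISSION in user["permissions"]


def review_class_creations(events, users):
    """Return class-definition creations that the intended rule would have denied."""
    findings = []
    for ev in events:
        if ev["action"] != "class_definition.create":
            continue
        user = users.get(ev["user"])
        if user is None:
            reason = "unknown account (deleted or renamed?)"
        elif may_manage_classes(user):
            continue
        elif OBJECTS_PERMISSION in user["permissions"]:
            reason = "objects permission only"
        else:
            reason = "no relevant permission"
        findings.append((ev["time"], ev["user"], ev["target"], reason))
    return findings


if __name__ == "__main__":
    for finding in review_class_creations(EVENTS, USERS):
        print(*finding, sep="  ")
```

The comparison uses each account's current permissions, so an account whose rights changed after the event needs a manual look.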