4 matches found
CVE-2026-58054
creationtimestamp| type| source ---|---|--- 2026-06-28 05:25:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpdacxvisr2t 2026-06-29 14:53:22+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgqjdouzw2r 2026-06-29 14:53:25+00:00| seen|...
CVE-2026-58054
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...
CVE-2026-58054
MyBB 1.8.40 is affected: the limited Admin Control Panel user management can assign the Administrators group (gid 4) because verify_usergroup() unconditionally returns true. This enables escalation from delegated user-management to full Administrator permissions. The issue comes from the user mod...
CVE-2026-58054 MyBB - Privilege Escalation from Limited ACP User Management to Administrator
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...