Lucene search
K

4 matches found

Circl
Circl
added 3 days ago9 views

CVE-2026-58054

creationtimestamp| type| source ---|---|--- 2026-06-28 05:25:29+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mpdacxvisr2t 2026-06-29 14:53:22+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mpgqjdouzw2r 2026-06-29 14:53:25+00:00| seen|...

8.6CVSS5.8AI score0.00272EPSS
Exploits0References3
NVD
NVD
added 3 days ago9 views

CVE-2026-58054

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...

8.6CVSS0.00272EPSS
Exploits0References2
CVE
CVE
added 3 days ago23 views

CVE-2026-58054

MyBB 1.8.40 is affected: the limited Admin Control Panel user management can assign the Administrators group (gid 4) because verify_usergroup() unconditionally returns true. This enables escalation from delegated user-management to full Administrator permissions. The issue comes from the user mod...

8.6CVSS5.8AI score0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-58054 MyBB - Privilege Escalation from Limited ACP User Management to Administrator

MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when creating or editing users; the user module offers the Administrators group gid 4 and its datahandler's verifyusergroup unconditionally returns true. An admin holding only the delegated user-management...

8.6CVSS0.00272EPSS
Exploits0References2
Rows per page
Query Builder