2 matches found
CVE-2026-40869 Decidim amendments can be accepted or rejected by anyone
Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature i...
CVE-2026-40869
CVE-2026-40869 — Decidim : Affected versions of the Decidim framework (starting from 0.19.0 up to, but not including, 0.30.5 and 0.31.1) allow any registered and authenticated user to accept or reject amendments. The vulnerability stems from insufficient permission checks in the amendment accepta...