
6 matches found

NVD
added 2026/03/31 10:16 p.m. | 1 views

CVE-2026-34406

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows any user who can reach that endpoint and submit...

CVSS 9.4 | EPSS 0.00409
Exploits: 1 | References: 3
EUVD
added 2026/03/31 9:18 p.m. | 1 views

EUVD-2026-17671

APTRS Automated Penetration Testing Reporting System is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. Prior to version 2.0.1, the edituser endpoint POST /api/auth/edituser/ allows any user who can reach that endpoint and submit...

CVSS 9.4 | AI score 5.8 | EPSS 0.00409
Exploits: 1 | References: 3
CVE
added 2026/03/31 9:18 p.m. | 5 views

CVE-2026-34406

APTRS (Automated Penetration Testing Reporting System) is a Python/Django-based tool. Before v2.0.1, the edit_user endpoint (POST /api/auth/edituser/) lets any reachable user grant themselves or another account superuser by sending is_superuser: true. Root cause: CustomUserSerializer includes is_...

CVSS 9.4 | AI score 5.8 | EPSS 0.00409
Exploits: 1 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/12/05 7:24 p.m. | 2 views

CVE-2025-7044

An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to...

CVSS 7.7 | AI score 6.8 | EPSS 0.00038
Exploits: 0 | References: 1
Positive Technologies
added 2025/12/03 12:0 a.m. | 4 views

PT-2025-48821

Name of the Vulnerable Software and Affected Versions: MAAS affected versions not specified. Description: An improper input validation issue exists in the user websocket handler. An authenticated, unprivileged attacker can intercept a user.update websocket request and modify the is superuser propert...

CVSS 7.7 | AI score 6.6 | EPSS 0.00038
Exploits: 0 | References: 4
CNVD
added 2015/01/14 12:0 a.m. | 1 views

Ansible Tower 'is_superuser' Parameter Remote Elevation of Privilege Vulnerability

Ansible is a simple configuration management, deployment, task execution, and multi-node authoring framework. A remote elevation of privilege vulnerability exists in the Ansible Tower 'is_superuser' parameter, which can be exploited by an attacker to create a super administrator account and gain...

AI score 7.4
Exploits: 0 | References: 1