CVE-2026-32101
CVE-2026-32101 affects StudioCMS S3 Storage Manager prior to version 0.3.1. The isAuthorized() function is async but is called without await in both the POST and PUT handlers, causing the authorization check to always evaluate to bypass due to Promise objects being truthy. As a result, any authen...