91 matches found
CVE-2026-32104 StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never...
CVE-2026-32104
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID from the request payload and uses it to update that user's notification preferences. It checks that the caller is logged in but never...
CVE-2026-32106 StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...
CVE-2026-32106 StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...
CVE-2026-32106 StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...
CVE-2026-32103 StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the POST /studiocmsapi/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account...
CVE-2026-32103
Summary: CVE-2026-32103 affects StudioCMS prior to version 0.4.3. The vulnerability resides in the POST /studiocms_api/dashboard/create-reset-link endpoint, where an authenticated admin can generate a password reset token for any user (including the owner) without validating that the target userI...
CVE-2026-32101 StudioCMS S3 Storage Manager Authorization Bypass via Missing `await` on Async Auth Check
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...
CVE-2026-32101 StudioCMS S3 Storage Manager Authorization Bypass via Missing `await` on Async Auth Check
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...
CVE-2026-32101 StudioCMS S3 Storage Manager Authorization Bypass via Missing `await` on Async Auth Check
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...
CVE-2026-32101
CVE-2026-32101 affects StudioCMS S3 Storage Manager prior to version 0.3.1. The isAuthorized() function is async but is called without await in both the POST and PUT handlers, causing the authorization check to always evaluate to bypass due to Promise objects being truthy. As a result, any authen...
CVE-2026-32101
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized function is declared async returns Promise but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in...
CVE-2026-32104
creationtimestamp| type| source ---|---|--- 2026-03-11 14:50:34+00:00| published-proof-of-concept| https://github.com/withstudiocms/studiocms/security/advisories/GHSA-9v82-xrm4-mp52...
GHSA-8RGJ-VRFR-6HQR StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
Summary The DELETE /studiocmsapi/dashboard/api-tokens endpoint allows any authenticated user with editor privileges or above to revoke API tokens belonging to any other user, including admin and owner accounts. The handler accepts tokenID and userID directly from the request payload without...
EUVD-2026-10557
StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service...
Authorization Bypass Through User-Controlled Key
Overview studiocms is an A Community-Driven Astro native CMS. Built from the ground up by the Astro community. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the DELETE /studiocmsapi/dashboard/api-tokens endpoint. An attacker can revoke AP...
@studiocms/migrator (>=0.2.0 <=0.2.1) potentially affected by CVE-2026-30945 via studiocms (>=0.2.0 <=0.3.0)
studiocms NPM version =0.2.0, =0.2.0, =0.2.1 Source cves: CVE-2026-30945 Source advisory: SNYK:JS-STUDIOCMS-15518585...
studiocms (>=0.1.0 <=0.1.0-beta.31) potentially affected by CVE-2026-30945 via @withstudiocms/auth-kit (>=0.1.0-beta.1 <=0.1.0)
@withstudiocms/auth-kit NPM version =0.1.0-beta.1, =0.1.0, =0.1.0-beta.31 Source cves: CVE-2026-30945 Source advisory: SNYK:JS-WITHSTUDIOCMSAUTHKIT-15518584...
Authorization Bypass Through User-Controlled Key
Overview @withstudiocms/api-spec is an API Specification for StudioCMS Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the DELETE /studiocmsapi/dashboard/api-tokens endpoint. An attacker can revoke API tokens belonging to other users,...
EUVD-2026-10558
StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service...