CVE-2026-41659

Admidio is an open-source user management solution. Prior to version 5.0.9, the member assignment DataTables endpoint membersassignmentdata.php includes hidden profile fields BIRTHDAY, STREET, CITY, POSTCODE, COUNTRY in its SQL search condition regardless of field visibility settings. While the...

CVE-2026-41671

Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint /modules/sso/index.php/oidc/introspect always returns "active": true for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or...

CVE-2026-41662

Admidio is an open-source user management solution. Prior to version 5.0.9, Role::stopMembership does not verify whether removing a user from the administrator role leaves zero administrators. The deprecated Membership::stopMembership contains this safety check, but the current code path bypasses...

CVE-2026-41660

Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...

EUVD-2026-31269

Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....

CVE-2026-6841

Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....

CVE-2026-41669

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...

CVE-2026-41670

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

CVE-2026-41663

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...

CVE-2026-41661

Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in system/msgwindow.php. The endpoint passes user input through htmlspecialchars, which does not encode...

CVE-2026-41658

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio inventory module enforces authorization for destructive operations delete, retire, reinstate only in the UI layer by conditionally rendering buttons. The backend POST handlers at modules/inventory.php for...

CVE-2026-42194 Incomplete fix for CVE-2026-32812: SSRF in admidio

Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetchmetadata.php validates the resolved IP address but passes the original hostname-based URL to curlinit, leaving a DNS rebinding TOCTOU window that allows redirecting requests to...

CVE-2026-41671 Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation

Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint /modules/sso/index.php/oidc/introspect always returns "active": true for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or...

EUVD-2026-28283

Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint /modules/sso/index.php/oidc/introspect always returns "active": true for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or...

CVE-2026-41671

Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint /modules/sso/index.php/oidc/introspect always returns "active": true for every request, regardless of whether a valid token is provided, whether the token is expired, revoked, or...

CVE-2026-41670 Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

CVE-2026-41669

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...

CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...

EUVD-2026-28278

Admidio is an open-source user management solution. Prior to version 5.0.9, several administrative operations in Admidio's preferences module database backup, test email, htaccess generation fire via GET requests with no CSRF token validation. Because SameSite=Lax cookies travel with top-level GE...

CVE-2026-41660 Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP

Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...