CVE-2026-8127

eladmin Users API Endpoint UserController.java checkLevel access control

CVSS 5.3 MEDIUMEPSS 0.2%CWE-266 CWE-284

A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Produtos afetados

n/a · eladmin

PoCs públicas encontradas — 1

cve_referencegithub.com/elunez/eladmin/issues/897não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/elunez/eladmin/issues/897 https://vuldb.com/submit/808771 https://vuldb.com/vuln/361917 https://vuldb.com/vuln/361917/cti