CVE-2026-30944

StudioCMS Affected by Privilege Escalation via Insecure API Token Generation

CVSS 8.8 HIGHEPSS 0.6%CWE-639 CWE-863

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.8EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

10 mar 2026Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target user ID, resulting in a full privilege escalation. This vulnerability is fixed in 0.4.0.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Produtos afetados

withstudiocms · studiocms

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/withstudiocms/studiocms/commit/f4a209fc090c90195e2419fff47b48a46eab7441 https://github.com/withstudiocms/studiocms/releases/tag/studiocms@0.4.0 https://github.com/withstudiocms/studiocms/security/advisories/GHSA-667w-mmh7-mrr4