PT-2026-21344 · Formwork · Formwork

G3Xar · Published 2026-02-19 · Updated 2026-03-23 · CVE-2026-27198

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Formwork versions 2.0.0 through 2.3.3

Description

Formwork is a flat file-based Content Management System (CMS). The application does not properly enforce role-based authorization during account creation. Specifically, it does not verify whether the current user has the necessary privileges to assign highly privileged roles, such as admin. This allows an authenticated user with the editor role to create a new account with administrative privileges, resulting in full administrative access and potential compromise of the CMS.

Recommendations

Update to version 2.3.4 or later.
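
The class of check the description reports as missing, shown as an added example that is not Formwork's code or its patch. The function names, the role ranking and the rule "a user may grant only roles ranked no higher than their own" are assumptions made for illustration; only the editor and admin role names come from the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical role ranks for illustration; Formwork defines its own roles.
const ROLE_RANK = ['editor' => 1, 'admin' => 2];

/**
 * Decide whether $actorRole may create an account holding $requestedRole.
 * Assumed rule: a user may grant only roles ranked no higher than their own.
 */
function canAssignRole(string $actorRole, string $requestedRole): bool
{
    // Unknown roles on either side fail closed (exact, case-sensitive match).
    if (!array_key_exists($actorRole, ROLE_RANK)
        || !array_key_exists($requestedRole, ROLE_RANK)) {
        return false;
    }
    return ROLE_RANK[$requestedRole] <= ROLE_RANK[$actorRole];
}

/**
 * Hypothetical account-creation handler. $actor comes from the server-side
 * session; $input is the untrusted request body.
 */
function createUser(array $actor, array $input): array
{
    $role = (string) ($input['role'] ?? '');
    // Validate the requested role against the caller's own privileges
    // before anything is persisted; never trust the role field as sent.
    if (!canAssignRole((string) $actor['role'], $role)) {
        throw new RuntimeException("Role '{$role}' not assignable by '{$actor['role']}'");
    }
    return ['username' => (string) ($input['username'] ?? ''), 'role' => $role];
}

// Constructed sample requests: [caller, requested role].
$editor = ['username' => 'ed', 'role' => 'editor'];
$admin  = ['username' => 'root', 'role' => 'admin'];
$cases  = [[$editor, 'editor'], [$editor, 'admin'], [$admin, 'admin'], [$editor, 'Admin']];
foreach ($cases as [$who, $role]) {
    try {
        createUser($who, ['username' => 'new', 'role' => $role]);
        echo "{$who['role']} -> {$role}: created\n";
    } catch (RuntimeException $e) {
        echo "{$who['role']} -> {$role}: denied\n";
    }
}
```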

Exploit

Fix

LPE

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2026-27198
GHSA-34P4-7W83-35G2

Affected Products

Formwork