October · October Cms · CVE-2021-41126
**Name of the Vulnerable Software and Affected Versions**
October CMS versions prior to 2.1.12
**Description**
The issue affects administrator accounts in October CMS, which is a Content Management System (CMS) and web platform built on the Laravel PHP Framework. Administrator accounts that had previously been deleted may still be able to sign in to the backend.
**Recommendations**
For versions prior to 2.1.12, update to version 2.1.12 or later to resolve the issue.
As a temporary workaround, consider resetting the password of the deleted accounts to prevent them from signing in.
If you are unable to upgrade, contact hello@octobercms.com for code change instructions.