Flagforge · CVE-2025-59827
**Name of the Vulnerable Software and Affected Versions**
Flag Forge versions prior to 2.2.0
**Description**
Flag Forge is a Capture The Flag (CTF) platform. The `/api/admin/assign-badge` endpoint does not verify that the caller holds an administrative role, so any authenticated user can assign high-privilege badges, such as Staff, to themselves. This allows privilege escalation and impersonation of administrative roles.
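The missing check described above, as an added illustration that is not Flag Forge's own code: a minimal badge-assignment handler in its vulnerable shape (authentication only) beside a hardened shape that also enforces authorization from the server-side session. The store layout, user names and handler signatures are hypothetical.

```javascript
// Added example, not code from the Flag Forge project. All names below
// (users, roles, handler signatures) are hypothetical and constructed.

// Constructed in-memory user store: one ordinary user, one administrator.
function makeStore() {
  return new Map([
    ["alice", { role: "user", badges: [] }],
    ["root", { role: "admin", badges: ["Staff"] }],
  ]);
}

// Vulnerable shape: confirms a session exists (authentication) but never
// asks whether the caller may grant badges (authorization). Any logged-in
// user can therefore name themselves as the target and receive "Staff".
function assignBadgeVulnerable(store, session, body) {
  if (!session) return { status: 401 };
  const target = store.get(body.userId);
  if (!target) return { status: 404 };
  target.badges.push(body.badge);
  return { status: 200, badges: target.badges };
}

// Hardened shape: the caller's role is read from the server-side session
// record, never from the request body, and the admin-only endpoint refuses
// non-admin callers before touching any data. Input is validated as well.
function assignBadgeHardened(store, session, body) {
  if (!session) return { status: 401 };
  const caller = store.get(session.userId);
  if (!caller || caller.role !== "admin") return { status: 403 };
  if (typeof body.badge !== "string" || body.badge.length === 0) {
    return { status: 400 };
  }
  const target = store.get(body.userId);
  if (!target) return { status: 404 };
  if (!target.badges.includes(body.badge)) target.badges.push(body.badge);
  return { status: 200, badges: target.badges };
}

module.exports = { makeStore, assignBadgeVulnerable, assignBadgeHardened };
```

The same caller-role check should sit in front of every route under an admin prefix, so a single missing guard in one handler does not reopen the issue.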
**Recommendations**
Installations running a version prior to 2.2.0 should be upgraded to version 2.2.0 or later.