CVE-2026-34427

CVSS v3.1

8.8

High

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role id=1 into profile save requests to escalate to Super Administrator privileges, enabling plugin upload functionality for remote code execution.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-915

Related Identifiers

CVE-2026-34427

Affected Products

Vvveb

CVE-2026-34427

Weakness Enumeration

Related Identifiers

Affected Products

References · 3