PT-2026-41861 · Unknown · Frontend User Registration
Sebastian Fischer +1 · Published 2026-05-19 · Updated 2026-05-19 · CVE-2026-46721
CVSS v4.0: 6.9 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
Frontend User Registration (sf register) (affected versions not specified)
Description
The create and edit flows fail to restrict submitted user properties and do not enforce access control on frontend user group assignments. This allows an attacker to assign an arbitrary frontend user group to a newly registered or edited account, leading to unauthorized access to content and functionality reserved for privileged frontend user groups.
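The pattern described above, shown as an added example next to a hardened form; this is not code from the extension. All function, constant and field names, including `usergroup`, and the group ids are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; not the extension's own code.
const ALLOWED_PROPERTIES = ['username', 'email', 'password', 'firstName', 'lastName'];
const DEFAULT_GROUPS = [1]; // constructed: group id given to every self-registered user

/**
 * Vulnerable pattern: every submitted key is copied onto the account,
 * so a request field decides the group membership.
 */
function buildAccountUnsafe(array $submitted): array
{
    return $submitted;
}

/**
 * Hardened pattern: copy only allow-listed properties and take the
 * group membership from server-side state, never from the request.
 */
function buildAccountSafe(array $submitted, ?array $existing = null): array
{
    $account = array_intersect_key($submitted, array_flip(ALLOWED_PROPERTIES));
    // On edit keep the stored groups; on create use the configured default.
    $account['usergroup'] = $existing['usergroup'] ?? DEFAULT_GROUPS;
    return $account;
}

/** Submitted keys that are not allow-listed, useful for logging and alerting. */
function rejectedProperties(array $submitted): array
{
    return array_values(array_diff(array_keys($submitted), ALLOWED_PROPERTIES));
}

// Constructed sample request: a registration form carrying an extra group field.
$request = [
    'username'  => 'alice',
    'email'     => 'alice@example.org',
    'password'  => 'constructed-sample',
    'usergroup' => [7],
];

printf("unsafe groups: %s\n", json_encode(buildAccountUnsafe($request)['usergroup']));
printf("safe groups:   %s\n", json_encode(buildAccountSafe($request)['usergroup']));
printf("rejected keys: %s\n", json_encode(rejectedProperties($request)));
```

Logging the rejected keys gives a detection signal for requests that try to set properties the form never offers.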
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
IDOR
Related Identifiers
Affected Products
Frontend User Registration