Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-kv1r-cpaa-8kd7

Summary StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.4, the REST API `getUsers` endpoint in StudioCMS uses the attacker-controlled `rank` query parameter to decide whether owner accounts should be filtered from the result set. As a result, an admin token can request `rank=owner` and receive owner account records, including IDs, usernames, display names, and email addresses, even though the adjacent `getUser` endpoint correctly blocks admins from viewing owner users. This is an authorization inconsistency inside the same user-management surface. Version 0.4.4 fixes the issue.

Aliases

alias	CVE-2026-32638

alias	GHSA-xvf4-ch4q-2m24

Fixed_packages

url	pkg:npm/studiocms@0.4.4
purl	pkg:npm/studiocms@0.4.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.4.4

Affected_packages

url pkg:npm/studiocms@0.1.0-beta.5

purl pkg:npm/studiocms@0.1.0-beta.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.5

url pkg:npm/studiocms@0.1.0-beta.6

purl pkg:npm/studiocms@0.1.0-beta.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.6

url pkg:npm/studiocms@0.1.0-beta.7

purl pkg:npm/studiocms@0.1.0-beta.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.7

url pkg:npm/studiocms@0.1.0-beta.8

purl pkg:npm/studiocms@0.1.0-beta.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.8

url pkg:npm/studiocms@0.1.0-beta.9

purl pkg:npm/studiocms@0.1.0-beta.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.9

url pkg:npm/studiocms@0.1.0-beta.10

purl pkg:npm/studiocms@0.1.0-beta.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.10

url pkg:npm/studiocms@0.1.0-beta.11

purl pkg:npm/studiocms@0.1.0-beta.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.11

url pkg:npm/studiocms@0.1.0-beta.12

purl pkg:npm/studiocms@0.1.0-beta.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.12

url pkg:npm/studiocms@0.1.0-beta.13

purl pkg:npm/studiocms@0.1.0-beta.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.13

url pkg:npm/studiocms@0.1.0-beta.14

purl pkg:npm/studiocms@0.1.0-beta.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.14

url pkg:npm/studiocms@0.1.0-beta.15

purl pkg:npm/studiocms@0.1.0-beta.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.15

url pkg:npm/studiocms@0.1.0-beta.16

purl pkg:npm/studiocms@0.1.0-beta.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.16

url pkg:npm/studiocms@0.1.0-beta.17

purl pkg:npm/studiocms@0.1.0-beta.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.17

url pkg:npm/studiocms@0.1.0-beta.18

purl pkg:npm/studiocms@0.1.0-beta.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.18

url pkg:npm/studiocms@0.1.0-beta.19

purl pkg:npm/studiocms@0.1.0-beta.19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.19

url pkg:npm/studiocms@0.1.0-beta.20

purl pkg:npm/studiocms@0.1.0-beta.20

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.20

url pkg:npm/studiocms@0.1.0-beta.21

purl pkg:npm/studiocms@0.1.0-beta.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.21

url pkg:npm/studiocms@0.1.0-beta.22

purl pkg:npm/studiocms@0.1.0-beta.22

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.22

url pkg:npm/studiocms@0.1.0-beta.23

purl pkg:npm/studiocms@0.1.0-beta.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.23

url pkg:npm/studiocms@0.1.0-beta.24

purl pkg:npm/studiocms@0.1.0-beta.24

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.24

url pkg:npm/studiocms@0.1.0-beta.25

purl pkg:npm/studiocms@0.1.0-beta.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.25

url pkg:npm/studiocms@0.1.0-beta.26

purl pkg:npm/studiocms@0.1.0-beta.26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.26

url pkg:npm/studiocms@0.1.0-beta.27

purl pkg:npm/studiocms@0.1.0-beta.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.27

url pkg:npm/studiocms@0.1.0-beta.28

purl pkg:npm/studiocms@0.1.0-beta.28

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.28

url pkg:npm/studiocms@0.1.0-beta.29

purl pkg:npm/studiocms@0.1.0-beta.29

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.29

url pkg:npm/studiocms@0.1.0-beta.30

purl pkg:npm/studiocms@0.1.0-beta.30

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.30

url pkg:npm/studiocms@0.1.0-beta.31

purl pkg:npm/studiocms@0.1.0-beta.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0-beta.31

url pkg:npm/studiocms@0.1.0

purl pkg:npm/studiocms@0.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.0

url pkg:npm/studiocms@0.1.1

purl pkg:npm/studiocms@0.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-b95n-ckqf-hqc5

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.1.1

url pkg:npm/studiocms@0.2.0

purl pkg:npm/studiocms@0.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.2.0

url pkg:npm/studiocms@0.3.0

purl pkg:npm/studiocms@0.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-cepr-tf1s-43ds

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-fj6p-46u9-w7gf

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.3.0

url pkg:npm/studiocms@0.4.0

purl pkg:npm/studiocms@0.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.4.0

url pkg:npm/studiocms@0.4.1

purl pkg:npm/studiocms@0.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.4.1

url pkg:npm/studiocms@0.4.2

purl pkg:npm/studiocms@0.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4b22-3bcp-x3a8

vulnerability	VCID-cts7-7e7u-mfa6

vulnerability	VCID-hz9y-unzu-sqcp

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.4.2

url pkg:npm/studiocms@0.4.3

purl pkg:npm/studiocms@0.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kv1r-cpaa-8kd7

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/studiocms@0.4.3

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-32638

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07678
published_at	2026-06-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07702
published_at	2026-06-14T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07714
published_at	2026-06-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07709
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-32638

reference_url

https://github.com/withstudiocms/studiocms

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/withstudiocms/studiocms

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-32638

reference_id

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-32638

reference_url

https://github.com/withstudiocms/studiocms/commit/aebe8bcb3618bb07c6753e3f5c982c1fe6adea64

reference_id

aebe8bcb3618bb07c6753e3f5c982c1fe6adea64

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:00:04Z/

url

https://github.com/withstudiocms/studiocms/commit/aebe8bcb3618bb07c6753e3f5c982c1fe6adea64

reference_url

https://github.com/advisories/GHSA-xvf4-ch4q-2m24

reference_id

GHSA-xvf4-ch4q-2m24

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-xvf4-ch4q-2m24

reference_url

https://github.com/withstudiocms/studiocms/security/advisories/GHSA-xvf4-ch4q-2m24

reference_id

GHSA-xvf4-ch4q-2m24

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:00:04Z/

url

https://github.com/withstudiocms/studiocms/security/advisories/GHSA-xvf4-ch4q-2m24

reference_url

https://github.com/withstudiocms/studiocms/releases/tag/studiocms@0.4.4

reference_id

studiocms@0.4.4

reference_type

scores

value	2.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-19T15:00:04Z/

url

https://github.com/withstudiocms/studiocms/releases/tag/studiocms@0.4.4

Weaknesses

cwe_id	639
name	Authorization Bypass Through User-Controlled Key
description	The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 0.1 - 3

Exploitability 0.5

Weighted_severity 2.7

Risk_score 1.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kv1r-cpaa-8kd7

Vulnerability Instance