What is CVE-2026-32106?

CVE-2026-32106 is a medium-severity vulnerability in Withstudiocms Studiocms, classified under Improper Privilege Management. CVSS score: 4.7/10. Published 2026-03-11.

How severe is CVE-2026-32106?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Privilege escalation in Withstudiocms Studiocms

CVE-2026-32106

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses ind…

Vulnerability class: Privilege Escalation

EPSS: 0.000 (7.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L.

Affected products

Withstudiocms Studiocms — versions < 0.4.3

Weakness classification (CWE)

CWE-269 — Improper Privilege Management

References

https://github.com/withstudiocms/studiocms/security/advisories/GHSA-wj56-g96r-673q (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-32106?: CVE-2026-32106 is a medium-severity vulnerability in Withstudiocms Studiocms, classified under Improper Privilege Management. CVSS score: 4.7/10. Published 2026-03-11.
How severe is CVE-2026-32106?: Medium severity. CVSS v3 base score is 4.7 out of 10.