Withstudiocms Studiocms
7 CVEs affecting Withstudiocms Studiocms. Latest disclosed: 2026-03-18. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-30944 | High | 8.8 | 2026-03-10 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows… |
| CVE-2026-30945 | High | 7.1 | 2026-03-10 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.0, the DELETE /studiocms_api/dashboard/api-tokens endpoint… |
| CVE-2026-32103 | Medium | 6.8 | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the POST /studiocms_api/dashboard/create-reset-link endp… |
| CVE-2026-24134 | Medium | 6.5 | 2026-01-27 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOL… |
| CVE-2026-32104 | Medium | 5.4 | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the updateUserNotifications endpoint accepts a user ID f… |
| CVE-2026-32106 | Medium | 4.7 | 2026-03-11 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank… |
| CVE-2026-32638 | Low | 2.7 | 2026-03-18 | StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.4, the REST API `getUsers` endpoint in StudioCMS uses the a… |