Studiocms
CVE-2026-24134
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1 npm packages depend on studiocms (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 0.2.0.
DescriptionGitHub Advisory
StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue.
AnalysisAI
headless content management system. versions up to 0.2.0 is affected by authorization bypass through user-controlled key (CVSS 6.5).
Technical ContextAI
This vulnerability (CWE-639: Authorization Bypass Through User-Controlled Key) affects headless content management system.. StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Privilege escalation in StudioCMS versions prior to 0.4.0 enables authenticated Editor-level users to generate API token
High severity vulnerability in StudioCMS. The S3 storage manager's `isAuthorized()` function is declared `async` (return
StudioCMS prior to version 0.4.0 allows authenticated editors and above to revoke API tokens belonging to any user, incl
Medium severity vulnerability in StudioCMS. The POST /studiocms_api/dashboard/create-reset-link endpoint allows any auth
A security vulnerability in StudioCMS (CVSS 5.4). Remediation should follow standard vulnerability management procedures
## Summary The REST API `createUser` endpoint uses string-based rank checks that only block creating `owner` accounts,
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-8cw6-53m5-4932