What is the CVSS score of EUVD-2026-20481?

EUVD-2026-20481 has a CVSS 3.1 base score of 6.7 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L. EPSS exploitation probability: 0.0%.

Is there a patch available for EUVD-2026-20481?

Yes, a patch is available for EUVD-2026-20481. Update the affected software to the latest version immediately.

Ci4ms EUVD-2026-20481

| CVE-2026-39389 MEDIUM

Improper Authorization (CWE-285)

2026-04-08 GitHub_M

GHSA-9rxp-f27p-wv3h

Authentication Bypass Ci4ms

6.7

CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

6.7 MEDIUM

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Patch released

Apr 09, 2026 - 02:30 nvd

Patch available

EUVD ID Assigned

Apr 08, 2026 - 15:16 euvd

EUVD-2026-20481

Analysis Generated

Apr 08, 2026 - 15:16 vuln.today

CVE Published

Apr 08, 2026 - 14:28 nvd

MEDIUM 6.7

DescriptionGitHub Advisory

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, This vulnerability is fixed in 0.31.4.0.

AnalysisAI

CI4MS (CodeIgniter 4 CMS) versions prior to 0.31.4.0 contain an authentication bypass vulnerability (CWE-285) that allows high-privileged users to escalate or circumvent authorization controls. The vulnerability affects the role-based access control (RBAC) system in CI4MS, enabling authenticated administrators to gain unauthorized access to protected resources or functions. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	This vulnerability presents moderate to elevated real-world risk despite the requirement for high privileges (PR:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker with compromised or legitimate administrative credentials could exploit this authorization bypass to escalate privileges or access resources restricted to higher-privileged roles (e.g., reading confidential customer data, modifying system configurations, creating unauthorized admin accounts). Because the CVSS vector shows AC:L (low attack complexity) and UI:N (no user interaction), the exploitation path is straightforward-likely a direct API call or form submission that bypasses permission validation. …
Remediation	Vendor-released patch: upgrade CI4MS to version 0.31.4.0 or later immediately. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-20481 vulnerability details – vuln.today

Back

Ci4ms EUVD-2026-20481

Severity by source

CVSS VectorGitHub Advisory

Lifecycle Timeline

DescriptionGitHub Advisory

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Share

External POC / Exploit Code