Skip to main content

People

1 CVEs product

Monthly

CVE-2026-42185 MEDIUM PATCH This Month

Privilege escalation in Suite Numérique People prior to version 1.25.0 allows authenticated domain administrators to remotely promote any existing user to Owner role via a crafted invitation request, without requiring acceptance from the target user. The vulnerability requires valid Administrator credentials on a mail domain but grants immediate full domain ownership, creating a severe lateral privilege escalation risk within multi-tenant deployments.

Privilege Escalation People
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Privilege escalation in Suite Numérique People prior to version 1.25.0 allows authenticated domain administrators to remotely promote any existing user to Owner role via a crafted invitation request, without requiring acceptance from the target user. The vulnerability requires valid Administrator credentials on a mail domain but grants immediate full domain ownership, creating a severe lateral privilege escalation risk within multi-tenant deployments.

Privilege Escalation People
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy