Critical severity 9.9 · NVD Advisory · Published Apr 20, 2026 · Updated Apr 27, 2026
CVE-2026-30269
Description
Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The role field is accepted by the update model without a manage_users permission check for self-updates, enabling privilege escalation to high-privileged roles.
Affected products: 3
Patches
Vulnerability mechanics
References: 1
- blog.orxiain.life/archives/cve-2026-30269---improper-access-control-in-doorman-allows-privilege-escalation (nvd: Exploit, Third Party Advisory)