Critical severity9.8NVD Advisory· Published May 19, 2026· Updated May 20, 2026
CVE-2026-31070
CVE-2026-31070
Description
The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 5c3d028 (commit)
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.