VYPR
Medium severity4.6NVD Advisory· Published Mar 31, 2026· Updated Apr 1, 2026

CVE-2026-34382

CVE-2026-34382

Description

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylist_function.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently destroy that user's list configurations — including organization-wide shared lists when the victim holds administrator rights. This issue has been patched in version 5.0.8.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
admidio/admidioPackagist
>= 5.0.0, < 5.0.85.0.8

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.