{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24134", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-21T18:38:22.474Z", "datePublished": "2026-01-27T23:34:55.922Z", "dateUpdated": "2026-01-28T15:08:38.778Z"}, "containers": {"cna": {"title": "StudioCMS has an Authorization Bypass Through User-Controlled Key", "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "lang": "en", "description": "CWE-639: Authorization Bypass Through User-Controlled Key", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-8cw6-53m5-4932", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-8cw6-53m5-4932"}, {"name": "https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd75463622c30dda390c50ad", "tags": ["x_refsource_MISC"], "url": "https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd75463622c30dda390c50ad"}, {"name": "https://github.com/withstudiocms/studiocms/releases/tag/studiocms%400.2.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/withstudiocms/studiocms/releases/tag/studiocms%400.2.0"}], "affected": [{"vendor": "withstudiocms", "product": "studiocms", "versions": [{"version": "< 0.2.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-27T23:34:55.922Z"}, "descriptions": [{"lang": "en", "value": "StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the \"Visitor\" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue."}], "source": {"advisory": "GHSA-8cw6-53m5-4932", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-28T15:08:21.623508Z", "id": "CVE-2026-24134", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T15:08:38.778Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24134", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-28T15:08:21.623508Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-28T15:08:32.325Z"}}], "cna": {"title": "StudioCMS has an Authorization Bypass Through User-Controlled Key", "source": {"advisory": "GHSA-8cw6-53m5-4932", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "withstudiocms", "product": "studiocms", "versions": [{"status": "affected", "version": "< 0.2.0"}]}], "references": [{"url": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-8cw6-53m5-4932", "name": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-8cw6-53m5-4932", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd75463622c30dda390c50ad", "name": "https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd75463622c30dda390c50ad", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/withstudiocms/studiocms/releases/tag/studiocms%400.2.0", "name": "https://github.com/withstudiocms/studiocms/releases/tag/studiocms%400.2.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the \"Visitor\" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639: Authorization Bypass Through User-Controlled Key"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-27T23:34:55.922Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24134", "state": "PUBLISHED", "dateUpdated": "2026-01-28T15:08:38.778Z", "dateReserved": "2026-01-21T18:38:22.474Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-27T23:34:55.922Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:studiocms:studiocms:*:*:*:*:*:*:*:*", "matchCriteriaId": "74E3AF07-66A8-49C1-9B3B-8D0786185FC1", "versionEndExcluding": "0.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the \"Visitor\" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue."}, {"lang": "es", "value": "StudioCMS es un sistema de gesti\u00f3n de contenido sin cabeza, nativo de Astro, renderizado en el lado del servidor. Las versiones anteriores a la 0.2.0 contienen una vulnerabilidad de Autorizaci\u00f3n de Nivel de Objeto Rota (BOLA) en la funci\u00f3n de Gesti\u00f3n de Contenido que permite a los usuarios con el rol de 'Visitante' acceder a contenido borrador creado por usuarios Editor/Administrador/Propietario. La versi\u00f3n 0.2.0 corrige el problema."}], "id": "CVE-2026-24134", "lastModified": "2026-03-17T15:39:51.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-28T00:15:50.330", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd75463622c30dda390c50ad"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/withstudiocms/studiocms/releases/tag/studiocms%400.2.0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/withstudiocms/studiocms/security/advisories/GHSA-8cw6-53m5-4932"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}, {"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T01:52:09.596307+00:00", "value": {"mitigation_remediation": ["Upgrade StudioCMS to version 0.2.0 or newer, which patches the broken object\u2011level authorization bug.", "Remove or restrict the Visitor role\u2019s permissions so it can only access publicly published content, ensuring drafts remain inaccessible.", "Monitor content\u2011management logs for unexpected read attempts to draft pages and investigate any anomalies."], "summary": {"action": "Patch to v0.2.0", "impact": "Unauthorized access to draft content"}, "threat_synthesis": {"affected_systems": "Any deployment of StudioCMS from vendor withstudiocms, prior to version 0.2.0, is affected. The exposed endpoints appear in the server\u2011side rendered, Astro\u2011native headless CMS platform. Updated releases (0.2.0 and later) address the flaw.", "description_and_impact": "StudioCMS v0.1.x and earlier expose a broken object level authorization flaw in the content\u2011management subsystem. The flaw allows users with the minimally privileged \"Visitor\" role to read draft articles created by Editors, Admins, or Owners. There is no code\u2011execution or privilege\u2011escalation component; the issue results in a confidentiality breach, leaking unpublished editorial material to unauthenticated or low\u2011privileged users. The weakness is classified as BOLA (CWE\u2011639) and a form of authorization bypass (CWE\u2011862).", "risk_and_exploitability": "The CVSS score of 6.5 indicates moderate impact and medium exploitation difficulty. With an EPSS score of less than 1 per cent, this vulnerability is currently considered low probability of real\u2011world exploitation, and it is not listed in the CISA KEV catalog. The likely attack vector is a remote HTTP request made by a Visitor\u2011role user or an automated scanner that can crawl the site and attempt to access draft content via exposed endpoints. An attacker who succeeds will gain read access to any unpublished content, potentially compromising competitive advantage or confidential information."}}}}, "created": "2026-01-28T12:22:05.498178+00:00", "updated": "2026-04-18T02:00:10.465181+00:00", "vendors": ["withstudiocms", "withstudiocms$PRODUCT$studiocms"]}