{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27012", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-17T03:08:23.489Z", "datePublished": "2026-03-03T21:53:01.002Z", "dateUpdated": "2026-03-04T21:21:34.908Z"}, "containers": {"cna": {"title": "Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php", "problemTypes": [{"descriptions": [{"cweId": "CWE-306", "lang": "en", "description": "CWE-306: Missing Authentication for Critical Function", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/devcode-it/openstamanager/security/advisories/GHSA-247v-7cw6-q57v", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/devcode-it/openstamanager/security/advisories/GHSA-247v-7cw6-q57v"}], "affected": [{"vendor": "devcode-it", "product": "openstamanager", "versions": [{"version": "<= 2.9.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-03T21:53:01.002Z"}, "descriptions": [{"lang": "en", "value": "OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling modules/utenti/actions.php. This can promote an existing account (e.g. agent) into the Amministratori group as well as demote any user including existing administrators."}], "source": {"advisory": "GHSA-247v-7cw6-q57v", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-04T21:21:23.993735Z", "id": "CVE-2026-27012", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T21:21:34.908Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27012", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-04T21:21:23.993735Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-04T21:21:29.580Z"}}], "cna": {"title": "Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php", "source": {"advisory": "GHSA-247v-7cw6-q57v", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "devcode-it", "product": "openstamanager", "versions": [{"status": "affected", "version": "<= 2.9.8"}]}], "references": [{"url": "https://github.com/devcode-it/openstamanager/security/advisories/GHSA-247v-7cw6-q57v", "name": "https://github.com/devcode-it/openstamanager/security/advisories/GHSA-247v-7cw6-q57v", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling modules/utenti/actions.php. This can promote an existing account (e.g. agent) into the Amministratori group as well as demote any user including existing administrators."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306: Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-03T21:53:01.002Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27012", "state": "PUBLISHED", "dateUpdated": "2026-03-04T21:21:34.908Z", "dateReserved": "2026-02-17T03:08:23.489Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-03T21:53:01.002Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:devcode:openstamanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "42CFDCCE-817A-4017-8C56-ECC90B1CF7A1", "versionEndIncluding": "2.9.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling modules/utenti/actions.php. This can promote an existing account (e.g. agent) into the Amministratori group as well as demote any user including existing administrators."}], "id": "CVE-2026-27012", "lastModified": "2026-03-05T18:19:03.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-03T22:16:28.833", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/devcode-it/openstamanager/security/advisories/GHSA-247v-7cw6-q57v"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.9.8]"}}], "enrichment": {"confidence": 94.0, "confidence_source": "matching", "scores": [{"score": 94.0, "source": "matching"}]}, "original": {"product": "openstamanager", "source": "cna", "vendor": "devcode-it"}, "product": "openstamanager", "vendor": "devcode"}], "analysis": {"en": {"generated_at": "2026-04-17T13:18:54.256650+00:00", "value": {"mitigation_remediation": ["Apply the latest OpenSTAManager release (\u2265\u202f2.9.9) in which the authentication bypass is corrected.", "If an upgrade cannot be performed immediately, limit HTTP access to modules/utenti/actions.php so that only authenticated administrators can reach it or remove the file from the web root.", "Update the code to validate that any request containing an idgruppo parameter is associated with a session belonging to an authorized administrator, preventing unauthorized group changes."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation via Authentication Bypass"}, "threat_synthesis": {"affected_systems": "The vulnerability affects all installations of OpenSTAManager version 2.9.8 and earlier. The vendor, devcode-it, publishes the software under the open source license managed by the devcode-it organization. No earlier versions are listed as impacted, and no later releases are known to contain the flaw according to the advisory.", "description_and_impact": "OpenSTAManager, a self-hosted technical assistance and invoicing platform, contains a flaw in the file modules/utenti/actions.php that allows an unauthenticated user to modify the idgruppo field presented in the request. Because the application does not verify that the requester possesses proper administrative rights, an attacker can promote any existing account to the Amministratori group or demote a legitimate administrator. This yields full control over the system\u2019s user hierarchy and permits unrestricted execution of privileged operations, matching CWE-306 (Authorization Bypass Through User-Controlled Key).", "risk_and_exploitability": "The CVSS base score of 9.8 indicates a critical risk, and the EPSS score of less than 1% suggests that widespread exploitation is unlikely but not impossible. The advisory does not list this issue in the CISA KEV catalog, indicating that currently no known active exploits are in circulation. Based on the description, it is inferred that attackers would most likely exploit the issue from a remote web context by directly requesting the vulnerable script, provided the target is publicly reachable and the application is not otherwise hardened against unrestricted file access. The lack of mandatory authentication for the endpoint presents a clear vector for unauthorized privilege escalation."}}}}, "created": "2026-03-04T14:53:41.292920+00:00", "updated": "2026-04-17T13:30:19.593933+00:00", "vendors": ["devcode", "devcode$PRODUCT$openstamanager"]}