{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32755", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-13T18:53:03.532Z", "datePublished": "2026-03-19T22:53:09.081Z", "dateUpdated": "2026-03-25T14:52:11.101Z"}, "containers": {"cna": {"title": "Admidio is Missing CSRF Protection on Role Membership Date Changes", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Admidio/admidio/security/advisories/GHSA-h8gr-qwr6-m9gx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-h8gr-qwr6-m9gx"}, {"name": "https://github.com/Admidio/admidio/releases/tag/v5.0.7", "tags": ["x_refsource_MISC"], "url": "https://github.com/Admidio/admidio/releases/tag/v5.0.7"}], "affected": [{"vendor": "Admidio", "product": "admidio", "versions": [{"version": "< 5.0.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-19T22:53:09.081Z"}, "descriptions": [{"lang": "en", "value": "Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/profile/profile_function.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stop_membership and remove_former_membership against the CSRF token but omits save_membership from that check. Because membership UUIDs appear in the HTML source visible to authenticated users, an attacker can embed a crafted POST form on any external page and trick a role leader into submitting it, silently altering membership dates for any member of roles the victim leads. A role leader's session can be silently exploited via CSRF to manipulate any member's membership dates, terminating access by backdating, covertly extending unauthorized access, or revoking role-restricted features, all without confirmation, notification, or administrative approval. This issue has been fixed in version 5.0.7."}], "source": {"advisory": "GHSA-h8gr-qwr6-m9gx", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T14:51:16.015689Z", "id": "CVE-2026-32755", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:52:11.101Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32755", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-25T14:51:16.015689Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:51:57.427Z"}}], "cna": {"title": "Admidio is Missing CSRF Protection on Role Membership Date Changes", "source": {"advisory": "GHSA-h8gr-qwr6-m9gx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Admidio", "product": "admidio", "versions": [{"status": "affected", "version": "< 5.0.7"}]}], "references": [{"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-h8gr-qwr6-m9gx", "name": "https://github.com/Admidio/admidio/security/advisories/GHSA-h8gr-qwr6-m9gx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Admidio/admidio/releases/tag/v5.0.7", "name": "https://github.com/Admidio/admidio/releases/tag/v5.0.7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/profile/profile_function.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stop_membership and remove_former_membership against the CSRF token but omits save_membership from that check. Because membership UUIDs appear in the HTML source visible to authenticated users, an attacker can embed a crafted POST form on any external page and trick a role leader into submitting it, silently altering membership dates for any member of roles the victim leads. A role leader's session can be silently exploited via CSRF to manipulate any member's membership dates, terminating access by backdating, covertly extending unauthorized access, or revoking role-restricted features, all without confirmation, notification, or administrative approval. This issue has been fixed in version 5.0.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-19T22:53:09.081Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32755", "state": "PUBLISHED", "dateUpdated": "2026-03-25T14:52:11.101Z", "dateReserved": "2026-03-13T18:53:03.532Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-19T22:53:09.081Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*", "matchCriteriaId": "3347E657-D132-4D87-A355-391136657A27", "versionEndExcluding": "5.0.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/profile/profile_function.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stop_membership and remove_former_membership against the CSRF token but omits save_membership from that check. Because membership UUIDs appear in the HTML source visible to authenticated users, an attacker can embed a crafted POST form on any external page and trick a role leader into submitting it, silently altering membership dates for any member of roles the victim leads. A role leader's session can be silently exploited via CSRF to manipulate any member's membership dates, terminating access by backdating, covertly extending unauthorized access, or revoking role-restricted features, all without confirmation, notification, or administrative approval. This issue has been fixed in version 5.0.7."}, {"lang": "es", "value": "Admidio es una soluci\u00f3n de gesti\u00f3n de usuarios de c\u00f3digo abierto. En las versiones 5.0.6 e inferiores, la acci\u00f3n save_membership en modules/profile/profile_function.php guarda los cambios en las fechas de inicio y fin de la membres\u00eda de rol de un miembro, pero no valida el token CSRF. El gestor comprueba stop_membership y remove_former_membership contra el token CSRF, pero omite save_membership de esa comprobaci\u00f3n. Debido a que los UUID de membres\u00eda aparecen en el c\u00f3digo fuente HTML visible para los usuarios autenticados, un atacante puede incrustar un formulario POST manipulado en cualquier p\u00e1gina externa y enga\u00f1ar a un l\u00edder de rol para que lo env\u00ede, alterando silenciosamente las fechas de membres\u00eda para cualquier miembro de los roles que la v\u00edctima lidera. La sesi\u00f3n de un l\u00edder de rol puede ser explotada silenciosamente a trav\u00e9s de CSRF para manipular las fechas de membres\u00eda de cualquier miembro, terminando el acceso al retroceder la fecha, extendiendo encubiertamente el acceso no autorizado o revocando caracter\u00edsticas restringidas por rol, todo sin confirmaci\u00f3n, notificaci\u00f3n o aprobaci\u00f3n administrativa. Este problema ha sido solucionado en la versi\u00f3n 5.0.7."}], "id": "CVE-2026-32755", "lastModified": "2026-03-23T19:11:15.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-19T23:16:44.203", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/Admidio/admidio/releases/tag/v5.0.7"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-h8gr-qwr6-m9gx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.0.7)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "admidio", "source": "cna", "vendor": "Admidio"}, "product": "admidio", "vendor": "admidio"}], "analysis": {"en": {"generated_at": "2026-03-23T20:41:09.846958+00:00", "value": {"mitigation_remediation": ["Apply the Admidio 5.0.7 patch or later"], "summary": {"action": "Immediate Patch", "impact": "Unauthorized alteration of role membership dates leading to unauthorized access or revocation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Admidio versions 5.0.6 and earlier. Version 5.0.7 includes the fix. Users of the listed product should verify their installation corresponds to a version older than 5.0.7.", "description_and_impact": "Admidio, an open\u2011source user management platform, has a missing CSRF validation in the save_membership action within the profile module. The bug allows a malicious actor to craft a form that, when submitted by an authenticated role leader, silently changes a member\u2019s role start or end dates. This can prematurely end a member\u2019s access, grant extended privileges, or remove authorized features without the user\u2019s awareness or any administrative confirmation. The underlying weakness corresponds to CWE\u2011352, which describes a cross\u2011site request forgery failure.", "risk_and_exploitability": "The CVSS score of 5.7 classifies the issue as medium severity. The EPSS score of less than 1% suggests a low exploitation probability, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. However, the attack vector is inferred to be remote: an attacker can host an external page that automatically posts to the victim\u2019s authenticated session, exploiting the missing CSRF token. The successful exploitation requires that the victim is a role leader with an active session; once triggered, the attacker can silently modify any member\u2019s role membership dates within the victim\u2019s purview."}}}}, "created": "2026-03-20T08:54:33.896516+00:00", "updated": "2026-03-25T11:54:14.613127+00:00", "vendors": ["admidio", "admidio$PRODUCT$admidio"]}