{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34381", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-27T13:43:14.370Z", "datePublished": "2026-03-31T20:31:23.379Z", "dateUpdated": "2026-04-01T13:41:03.359Z"}, "containers": {"cna": {"title": "Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Admidio/admidio/security/advisories/GHSA-7fh7-8xqm-3g88", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-7fh7-8xqm-3g88"}, {"name": "https://github.com/Admidio/admidio/commit/5f770c1ca81a4f6b02136280cd63316a35aabaaf", "tags": ["x_refsource_MISC"], "url": "https://github.com/Admidio/admidio/commit/5f770c1ca81a4f6b02136280cd63316a35aabaaf"}], "affected": [{"vendor": "Admidio", "product": "admidio", "versions": [{"version": ">= 5.0.0, < 5.0.8", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T20:31:23.379Z"}, "descriptions": [{"lang": "en", "value": "Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently ignore all .htaccess files. As a result, any file uploaded to the documents module regardless of the role-based permissions configured in the UI, is directly accessible over HTTP without authentication by anyone who knows the file path. The file path is disclosed in the upload response JSON. This issue has been patched in version 5.0.8."}], "source": {"advisory": "GHSA-7fh7-8xqm-3g88", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-7fh7-8xqm-3g88", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-01T13:40:59.551945Z", "id": "CVE-2026-34381", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:41:03.359Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34381", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-01T13:40:59.551945Z"}}}], "references": [{"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-7fh7-8xqm-3g88", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-01T13:40:52.466Z"}}], "cna": {"title": "Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess", "source": {"advisory": "GHSA-7fh7-8xqm-3g88", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Admidio", "product": "admidio", "versions": [{"status": "affected", "version": ">= 5.0.0, < 5.0.8"}]}], "references": [{"url": "https://github.com/Admidio/admidio/security/advisories/GHSA-7fh7-8xqm-3g88", "name": "https://github.com/Admidio/admidio/security/advisories/GHSA-7fh7-8xqm-3g88", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Admidio/admidio/commit/5f770c1ca81a4f6b02136280cd63316a35aabaaf", "name": "https://github.com/Admidio/admidio/commit/5f770c1ca81a4f6b02136280cd63316a35aabaaf", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently ignore all .htaccess files. As a result, any file uploaded to the documents module regardless of the role-based permissions configured in the UI, is directly accessible over HTTP without authentication by anyone who knows the file path. The file path is disclosed in the upload response JSON. This issue has been patched in version 5.0.8."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-31T20:31:23.379Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34381", "state": "PUBLISHED", "dateUpdated": "2026-04-01T13:41:03.359Z", "dateReserved": "2026-03-27T13:43:14.370Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-31T20:31:23.379Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:admidio:admidio:*:*:*:*:*:*:*:*", "matchCriteriaId": "57D165DA-4B63-4140-9E3E-B66F1A9CE955", "versionEndExcluding": "5.0.8", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently ignore all .htaccess files. As a result, any file uploaded to the documents module regardless of the role-based permissions configured in the UI, is directly accessible over HTTP without authentication by anyone who knows the file path. The file path is disclosed in the upload response JSON. This issue has been patched in version 5.0.8."}], "id": "CVE-2026-34381", "lastModified": "2026-04-01T18:24:07.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-31T21:16:30.013", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Admidio/admidio/commit/5f770c1ca81a4f6b02136280cd63316a35aabaaf"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-7fh7-8xqm-3g88"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/Admidio/admidio/security/advisories/GHSA-7fh7-8xqm-3g88"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[5.0.0,5.0.8)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "admidio", "source": "cna", "vendor": "Admidio"}, "product": "admidio", "vendor": "admidio"}], "analysis": {"en": {"generated_at": "2026-04-02T03:55:09.492196+00:00", "value": {"mitigation_remediation": ["Upgrade Admidio to version 5.0.8 or later", "If immediate upgrade is not possible, modify the Apache configuration to enable AllowOverride (e.g., set AllowOverride All) for the adm_my_files directory so that the .htaccess file is respected", "If changing the Apache configuration is infeasible, delete or relocate any existing uploaded files that may be publicly accessible, and consider removing the adm_my_files directory from the web\u2011reachable path", "Verify that future deployments use the latest Docker image or apply the patched container image"], "summary": {"action": "Patch immediately", "impact": "Unauthorized access and disclosure of protected documents"}, "threat_synthesis": {"affected_systems": "The flaw affects the Admidio user\u2011management application, specifically versions 5.0.0 up to, but not including, 5.0.8. The issue is present in the official Docker image where the Apache instance is configured with AllowOverride None. It applies to any deployment of Admidio in this range that utilizes the same Apache configuration, regardless of the underlying operating system.", "description_and_impact": "Admidio versions 5.0.0 through 5.0.7 allow uploaded files in the documents module to be accessed directly via HTTP because the .htaccess file that is meant to block access is ignored when the Apache configuration uses AllowOverride None. The vulnerability is caused by improper enforcement of access control, resulting in potentially sensitive documents being exposed without authentication. This weakness corresponds to CWE\u2011284, which addresses unauthorized access control.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a medium\u2011high severity, while the EPSS score of less than 1% suggests low current exploitation activity and the vulnerability is not listed in CISA\u2019s KEV catalog. An attacker can leverage this flaw by taking the file path disclosed in the upload response JSON and making a GET request to that URL, thereby retrieving the file without authentication. The attack requires no special privileges or exploitation code, only the configuration gap where .htaccess directives are ignored."}}}}, "created": "2026-04-02T07:52:35.550809+00:00", "updated": "2026-04-02T20:10:49.351232+00:00", "vendors": ["admidio", "admidio$PRODUCT$admidio"]}