Vulnerability Details CVE-2026-34382
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylist_function.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently destroy that user's list configurations — including organization-wide shared lists when the victim holds administrator rights. This issue has been patched in version 5.0.8.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.9%
CVSS Severity
CVSS v3 Score 4.6
Products affected by CVE-2026-34382
- cpe:2.3:a:admidio:admidio:5.0.0
- cpe:2.3:a:admidio:admidio:5.0.1
- cpe:2.3:a:admidio:admidio:5.0.2
- cpe:2.3:a:admidio:admidio:5.0.3
- cpe:2.3:a:admidio:admidio:5.0.4
- cpe:2.3:a:admidio:admidio:5.0.5
- cpe:2.3:a:admidio:admidio:5.0.6