Remote Code Execution Flaw in a4m4 Student-Management-System Admin Endpoint
CVE-2026-10271

5.3MEDIUM

Key Information:

Vendor: A4m4
Status: Student-management-system
Vendor: CVE Published:; 1 June 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-10271?

A security flaw exists in the a4m4 Student-Management-System that affects the Admin Endpoint component. This vulnerability arises from an exploitable issue in a function within the admin directory, specifically related to the manipulation of user identifiers (uid). By leveraging this weakness, an attacker can perform malicious actions remotely, potentially leading to unauthorized execution of code after a redirect. The security team has been notified about this issue, but no subsequent updates or fixes have been communicated to safeguard the affected components.

Affected Version(s)

Student-Management-System f0c5f6842c5e8c431ff02b5260a565ca844df3a0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-10271 - Proof of Concept

References

https://vuldb.com/vuln/367550

vdb-entrytechnical-description

https://vuldb.com/vuln/367550/cti

signaturepermissions-required

https://vuldb.com/cve/CVE-2026-10271

third-party-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 1, 2026
👾
Exploit known to exist
Jun 1, 2026
Vulnerability published
Jun 1, 2026
Vulnerability Reserved
May 31, 2026

Credit

gscsd (VulDB User)

VulDB CNA Team

CVE-2026-10271 Data

JSON

A4m4