Cross-Site Request Forgery Vulnerability in Admidio User Management Solution
CVE-2026-32755

5.7 MEDIUM

Key Information:

Vendor: Admidio
CVE Published: 19 March 2026

What is CVE-2026-32755?

The Admidio user management solution contains a Cross-Site Request Forgery (CSRF) vulnerability in the save_membership action of profile_function.php. The weakness allows an attacker to manipulate users' membership dates without authorization. Specifically, if a role leader is tricked into submitting a crafted POST request, the request is processed under the role leader's session and can change membership status, potentially leading to unauthorized access or revocation of privileges. The issue arises because the save_membership action does not validate the CSRF token, although the token is validated for other actions such as stop_membership and remove_former_membership. Update to version 5.0.7 or later to mitigate this risk.

Affected Version(s)

admidio < 5.0.7

CVSS V3.1

Score: 5.7
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved