CSRF Vulnerability in Admidio User Management Solution Affecting Role Management
CVE-2026-32816

5.7 MEDIUM

Key Information:

Vendor

Admidio

Status
Vendor
CVE Published:
19 March 2026

What is CVE-2026-32816?

The Admidio user management solution contains a cross-site request forgery (CSRF) vulnerability in versions 5.0.0 through 5.0.6, affecting the management of organizational roles. Critical state-changing operations do not validate a CSRF token, so an attacker can embed a forged POST form in a page under their control. A user who holds role-assignment rights and visits that page can be tricked into performing harmful actions, such as permanently deleting a role; the deletion cascades beyond the role itself to all of its memberships, rights data, and access to the organization's resources. Exploitation requires only the role's UUID, which is publicly visible, and there is no straightforward recovery short of restoring the database. This issue has been resolved in version 5.0.7.
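The missing control described above, as an added example that is not Admidio's code: a minimal role-deletion handler that only checks the caller's permission, beside a hardened version that additionally requires a per-session CSRF token compared in constant time. The handler names, session layout, form field names and sample UUID are assumptions constructed for the illustration.

```python
import hmac
import secrets

# Constructed sample data: one organizational role keyed by its public UUID.
SAMPLE_ROLES = {"3f1c9a2e-constructed-uuid": "Board members"}


def new_session(user_id: str, can_assign_roles: bool) -> dict:
    """Constructed server-side session. The CSRF token is minted once per
    session and embedded in every form the application itself renders."""
    return {
        "user_id": user_id,
        "can_assign_roles": can_assign_roles,
        "csrf_token": secrets.token_urlsafe(32),
    }


def delete_role_vulnerable(session: dict, form: dict, roles: dict) -> str:
    """Pre-fix behaviour: the role is removed as soon as the session carries the
    right permission, so a cross-site POST riding on the victim's cookies succeeds."""
    if not session["can_assign_roles"]:
        return "forbidden"
    return "deleted" if roles.pop(form.get("role_uuid"), None) else "not_found"


def delete_role_hardened(session: dict, form: dict, roles: dict) -> str:
    """Post-fix behaviour: the same permission check, plus a token that must match
    the one bound to the session before any state changes."""
    if not session["can_assign_roles"]:
        return "forbidden"
    submitted = form.get("csrf_token", "")
    # Encode both sides so compare_digest never raises on non-ASCII input and
    # runs in constant time regardless of where the strings differ.
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return "csrf_rejected"
    return "deleted" if roles.pop(form.get("role_uuid"), None) else "not_found"


if __name__ == "__main__":
    victim = new_session("alice", can_assign_roles=True)
    uuid = next(iter(SAMPLE_ROLES))
    # A forged form can name the public UUID but cannot know the session token.
    forged = {"role_uuid": uuid}
    print("vulnerable:", delete_role_vulnerable(victim, forged, dict(SAMPLE_ROLES)))
    print("hardened:  ", delete_role_hardened(victim, forged, dict(SAMPLE_ROLES)))
```

Both handlers still enforce the permission check; the difference is that the hardened one refuses any request whose token was not issued to the requesting session, which is exactly what a form hosted on another origin cannot supply.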

Affected Version(s)

admidio >= 5.0.0, < 5.0.7

CVSS V3.1

Score: 5.7
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
