Authorization Flaw in Admidio Forum Module Affects User Management System
CVE-2026-32818

6.5 MEDIUM

Key Information:

Vendor: Admidio

Status
Vendor
CVE Published: 19 March 2026

What is CVE-2026-32818?

In Admidio versions 5.0.0 to 5.0.6, a serious flaw in the forum module allows any authenticated user to delete forum topics and posts without an authorization check. The topic_delete and post_delete actions in forum.php validate only the CSRF token and never verify that the user has the necessary permissions. As a result, any user with forum access can permanently remove any forum content simply by knowing its UUID. The problem has been addressed in version 5.0.7, which includes the necessary checks to prevent unauthorized deletions.
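The difference between a CSRF check and an authorization check, shown as an added example that is not Admidio's code and not part of the original advisory. All function names, the in-memory topic store, the sample UUIDs and the "author or forum admin" policy are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration: every name here is hypothetical, not Admidio's code.
// Constructed sample data: topics keyed by UUID, each with an author id.
function sampleTopics(): array
{
    return [
        '11111111-1111-4111-8111-111111111111' => ['author' => 1, 'title' => 'Board minutes'],
        '22222222-2222-4222-8222-222222222222' => ['author' => 2, 'title' => 'Summer party'],
    ];
}

function csrfValid(array $session, array $request): bool
{
    return hash_equals($session['csrf'], (string) ($request['csrf'] ?? ''));
}

// Flawed pattern: a valid CSRF token is treated as permission to delete.
function deleteCsrfOnly(array &$topics, array $session, array $request): bool
{
    if (!csrfValid($session, $request)) {
        return false;
    }
    unset($topics[$request['uuid']]);
    return true;
}

// Corrected pattern: the CSRF check stays, and the caller must also be
// allowed to delete this object (assumed policy: author or forum admin).
function deleteAuthorized(array &$topics, array $session, array $request): bool
{
    $topic = $topics[$request['uuid'] ?? ''] ?? null;
    if (!csrfValid($session, $request) || $topic === null) {
        return false;
    }
    if ($topic['author'] !== $session['user_id'] && !$session['forum_admin']) {
        return false; // authenticated, valid token, but not authorized
    }
    unset($topics[$request['uuid']]);
    return true;
}

// User 2 holds a valid token of their own and targets user 1's topic.
$session = ['user_id' => 2, 'forum_admin' => false, 'csrf' => 'constructed-token'];
$request = ['csrf' => 'constructed-token', 'uuid' => '11111111-1111-4111-8111-111111111111'];
$a = sampleTopics();
$b = sampleTopics();
var_dump(deleteCsrfOnly($a, $session, $request), count($a));
var_dump(deleteAuthorized($b, $session, $request), count($b));
```

A CSRF token only proves the request came from the user's own session; it says nothing about whether that user may act on the object named in the request, so the two checks cannot substitute for each other.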

Affected Version(s)

admidio < 5.0.7

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
