CSRF Vulnerability in Admidio Open-Source User Management Tool
CVE-2026-34382

4.6MEDIUM

Key Information:

Vendor

Admidio

Status
Admidio
Vendor
CVE Published:
31 March 2026

What is CVE-2026-34382?

Admidio, an open-source user management solution, contains a Cross-Site Request Forgery (CSRF) vulnerability that affects versions from 5.0.0 up to, but not including, 5.0.8. This issue arises from a flaw in the delete mode handler located in mylist_function.php, where the system fails to validate CSRF tokens. An attacker could exploit this vulnerability by tricking an authenticated user into visiting a malicious page, resulting in the unauthorized permanent deletion of list configurations, including organization-wide shared lists, especially if the targeted user has administrator privileges. Users are advised to upgrade to version 5.0.8 to mitigate this risk.

Affected Version(s)

admidio >= 5.0.0, < 5.0.8

References

https://github.com/Admidio/admidio/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/Admidio/admidio/commit/317ec91ad3baf19...
x_refsource_MISC

CVSS V3.1

Score:
4.6
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.