Cross-Site Request Forgery Issue in Admidio User Management System
CVE-2026-34384

4.5 MEDIUM

Key Information:

Vendor: Admidio

Status
Vendor
CVE Published: 31 March 2026

What is CVE-2026-34384?

Admidio, an open-source user management solution, is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability affecting the user registration approval process. In versions earlier than 5.0.8, specific action modes allow pending user registrations to be approved via GET requests without the necessary CSRF token validation. An attacker can exploit this by tricking a user with approval rights into visiting a malicious URL that automatically approves unwanted registrations, bypassing the intended manual approval process.

Affected Version(s)

admidio < 5.0.8

CVSS V3.1

Score: 4.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved