Privilege Escalation in Vvveb Allows Unauthorized Access to Admin Features
CVE-2026-34427

8.7 HIGH

Key Information:

Vendor

Givanz

Status
Vendor
CVE Published:
20 April 2026

What is CVE-2026-34427?

Vvveb versions before 1.0.8.1 are susceptible to a privilege escalation flaw that lets authenticated users alter sensitive fields in their own admin profiles. By injecting parameters such as role_id=1, an attacker can gain Super Administrator privileges. The flaw not only permits unauthorized modification of user roles; it also opens potential paths to remote code execution by enabling plugin upload functionality.
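The bug class described above is mass assignment on a self-service profile update. The following is an added illustration, not Vvveb's own code or its patch: it contrasts the unsafe merge with an allow-list filter. The function names, the `SELF_EDITABLE_FIELDS` list and the sample data are assumptions; only `role_id` comes from the advisory text.

```php
<?php
declare(strict_types=1);

// Hypothetical list of fields a user may change on their own profile.
// role_id is deliberately absent: role changes belong to a separate,
// privilege-checked code path.
const SELF_EDITABLE_FIELDS = ['display_name', 'email', 'password'];

/**
 * Mass-assignment pattern: every submitted key is merged into the stored
 * row, so a request that carries role_id overwrites the caller's role.
 */
function updateProfileUnsafe(array $row, array $post): array
{
    return array_merge($row, $post);
}

/**
 * Hardened form: copy only allow-listed keys and report everything else
 * through $rejected so the attempt can be logged and alerted on.
 */
function updateProfileSafe(array $row, array $post, array &$rejected = []): array
{
    $allowed  = array_flip(SELF_EDITABLE_FIELDS);
    $rejected = array_keys(array_diff_key($post, $allowed));
    return array_merge($row, array_intersect_key($post, $allowed));
}

// Constructed sample: a low-privilege admin (role_id 3) edits their own
// profile and the request body also carries role_id.
$row  = ['admin_id' => 7, 'display_name' => 'editor',
         'email' => 'editor@example.test', 'role_id' => 3];
$post = ['display_name' => 'Editor One', 'role_id' => '1'];

$unsafe = updateProfileUnsafe($row, $post);
$safe   = updateProfileSafe($row, $post, $rejected);

printf("unsafe merge: role_id=%s\n", $unsafe['role_id']);
printf("allow-list:   role_id=%s\n", $safe['role_id']);
if ($rejected !== []) {
    // A rejected privileged field on a self-service form is worth an alert.
    error_log('profile update: rejected fields: ' . implode(',', $rejected));
}
```

Logging the rejected keys gives detection coverage as well as prevention: a `role_id` arriving on a profile form is not something a normal client sends.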

Affected Version(s)

Vvveb 0 < 1.0.8.1

Vvveb 0eca14af50f038915b8bf7ceec2becf6b6720b0a

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hamed Kohi of Delta Obscura
VulnCheck