Input Sanitization Flaw in CodeIgniter 4-based CMS Affecting CI4MS
CVE-2026-34561

4.7 MEDIUM

Key Information:

Status
Vendor
CVE Published: 1 April 2026

What is CVE-2026-34561?

CI4MS, a CodeIgniter 4-based CMS skeleton, has an input sanitization vulnerability in its Social Media Management features. In versions prior to 0.31.0.0, attacker-controlled input is stored server-side and later rendered without adequate output encoding. The issue is fixed in version 0.31.0.0; affected installations should upgrade to that version.

Affected Version(s)

ci4ms < 0.31.0.0

CVSS V3.1

Score: 4.7
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved