CodeIgniter 4 CMS Skeleton Vulnerability in CI4MS
CVE-2026-39389

6.7MEDIUM

Key Information:

Vendor: Ci4-cms-erp
Status: Ci4ms
Vendor: CVE Published:; 8 April 2026

🔔 Create Ci4-cms-erp Vulnerability Alert

What is CVE-2026-39389?

CI4MS, a Content Management System built on the CodeIgniter 4 framework, is susceptible to an authorization misconfiguration that affects its role-based access control (RBAC) feature. This vulnerability can potentially lead to unauthorized access to sensitive functionalities within the application, impacting the system's security integrity. Users are advised to update to version 0.31.4.0 or later to mitigate the risks associated with this vulnerability. For further details and guidance, please refer to the security advisory.

Affected Version(s)

ci4ms < 0.31.4.0

References

https://github.com/ci4-cms-erp/ci4ms/security/advisories/...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 6, 2026

CVE-2026-39389 Data

JSON