Authorization Vulnerability in Azuriom CMS by Azuriom
CVE-2026-54415

8.6 HIGH

Key Information:

Vendor: Azuriom
CVE Published: 17 June 2026

What is CVE-2026-54415?

Azuriom CMS is susceptible to a missing authorization vulnerability in its server management routes. The flaw affects versions prior to 1.2.11 and allows authenticated attackers with the appropriate permissions to exploit it through crafted HTTP requests. By manipulating server tokens and API endpoints, these attackers can change the passwords and email addresses of non-admin accounts without authorization, potentially enabling full account takeover. Users should update their systems to the latest version to mitigate this vulnerability.

Affected Version(s)

Azuriom CMS 0 < 1.2.11

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bobur Abdugafforov
Khabibullaev Barkamol