Privilege Escalation Vulnerability in Shiori by Go Shiori
CVE-2026-61463
8.7HIGH
What is CVE-2026-61463?
Shiori features a vulnerability that allows authenticated users to escalate their privileges without proper authorization checks on the account update endpoint. By sending a carefully crafted PATCH request, an attacker can modify the owner field, granting them the ability to assume administrative rights. After this manipulation, the attacker can re-authenticate to acquire an admin JWT token, which provides complete access to the system. This vulnerability poses significant security risks, as it can enable unauthorized users to gain control over sensitive system functionalities.
Affected Version(s)
shiori 0
