CVE-2026-24134

MEDIUM

StudioCMS <0.2.0 - Privilege Escalation

Title source: llm

Description

StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue.

Exploits (2)

github WORKING POC 10 stars

by XiaomingX · pythonpoc

https://github.com/XiaomingX/data-cve-poc-py-v1/tree/main/2026/CVE-2026-24134

View Code ZIP pw:eip

nomisec WORKING POC

by FilipeGaudard · poc

https://github.com/FilipeGaudard/CVE-2026-24134-PoC

View Code ZIP pw:eip

References (3)

[Patch] https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd75463622c30dda390c50ad

[Vendor Advisory] https://github.com/withstudiocms/studiocms/security/advisories/GHSA-8cw6-53m5-4932

[Release Notes] https://github.com/withstudiocms/studiocms/releases/tag/studiocms%400.2.0

Scores

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 12.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-862 CWE-639

Status published

Products (2)

npm/studiocms 0 - 0.2.0npm

studiocms/studiocms < 0.2.0

Published Jan 28, 2026

Tracked Since Feb 18, 2026