Exploitation Summary
EIP tracks 2 public exploits for CVE-2026-30944. PoCs published by XiaomingX, FilipeGaudard.
AI-analyzed exploit summary: This repository contains a functional Python exploit for CVE-2026-30944, a privilege escalation vulnerability in StudioCMS ≤ 0.3.0 due to insecure API token generation. The exploit demonstrates how an authenticated user with Editor privileges can generate API tokens for any user, including admins, via a Broken Object Level Authorization (BOLA) flaw.
Description
StudioCMS is a server-side-rendered, Astro-native, headless content management system. Prior to 0.4.0, the /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target user ID, resulting in a full privilege escalation. This vulnerability is fixed in 0.4.0.
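The flaw described above is a missing object-level authorization check: the handler verifies that the caller holds at least the Editor role, then trusts the user ID supplied in the request body. The following TypeScript is an added illustration written for this page, not StudioCMS's own code, and it does not reproduce the project's actual handler, role model, or token format. The role hierarchy (`visitor`, `editor`, `admin`, `owner`), the in-memory user table, the `canIssueTokenFor` helper and the `tok_` token shape are all constructed assumptions. It places the vulnerable shape beside a hardened one so the missing check is visible.

```typescript
// Hypothetical token-issuing endpoint logic illustrating the BOLA gap
// (added example; not StudioCMS's implementation).

type Role = "visitor" | "editor" | "admin" | "owner"; // assumed role model

interface User {
  id: string;
  role: Role;
}

interface TokenRequest {
  requester: User;      // authenticated caller, taken from the session
  targetUserId: string; // the `user` value supplied in the request body
}

interface Result {
  ok: boolean;
  status: number;
  token?: string;
}

// Constructed in-memory user table standing in for the CMS database.
const USERS: Record<string, User> = {
  "u-owner": { id: "u-owner", role: "owner" },
  "u-admin": { id: "u-admin", role: "admin" },
  "u-editor": { id: "u-editor", role: "editor" },
};

// Stand-in for real token generation; deterministic so results can be asserted.
function issueToken(userId: string): string {
  return `tok_${userId}`;
}

function isAtLeastEditor(u: User): boolean {
  return u.role !== "visitor";
}

// Object-level rule (assumed policy): a caller may mint tokens for themselves;
// the owner may mint for anyone; an admin may mint for anyone except the owner;
// an editor may mint for nobody else.
function canIssueTokenFor(requester: User, target: User): boolean {
  if (requester.id === target.id) return true;
  if (requester.role === "owner") return true;
  if (requester.role === "admin") return target.role !== "owner";
  return false;
}

// Vulnerable shape: a role check only. Once the caller is at least an Editor,
// the body's user id is trusted, so an editor can mint a token for the owner.
function createTokenVulnerable(req: TokenRequest): Result {
  if (!isAtLeastEditor(req.requester)) return { ok: false, status: 403 };
  const target = USERS[req.targetUserId];
  if (!target) return { ok: false, status: 404 };
  return { ok: true, status: 200, token: issueToken(target.id) };
}

// Hardened shape: the same role gate, followed by an object-level check that
// ties the requester to the specific target. Unknown and unauthorized targets
// both yield 403 so the endpoint does not double as a user-enumeration oracle.
function createTokenFixed(req: TokenRequest): Result {
  if (!isAtLeastEditor(req.requester)) return { ok: false, status: 403 };
  const target = USERS[req.targetUserId];
  if (!target || !canIssueTokenFor(req.requester, target)) {
    return { ok: false, status: 403 };
  }
  return { ok: true, status: 200, token: issueToken(target.id) };
}
```

The practical check when reviewing a handler like this is whether the identity of the *caller* is compared against the identity of the *object being acted on* before the sensitive action runs; a role check alone, as in `createTokenVulnerable`, says nothing about which user the caller may act for.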
Exploits (2)
This repository contains a functional Python exploit for CVE-2026-30944, a privilege escalation vulnerability in StudioCMS ≤ 0.3.0 due to insecure API token generation. The exploit demonstrates how an authenticated user with Editor privileges can generate API tokens for any user, including admins, via a Broken Object Level Authorization (BOLA) flaw.
This repository contains a functional Python exploit for CVE-2026-30944, a Broken Object Level Authorization (BOLA) vulnerability in StudioCMS ≤ 0.3.0. The exploit allows authenticated users with Editor privileges to generate API tokens for any user, including admins, by manipulating the 'user' parameter in the API request.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H