{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34427", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-27T15:24:06.752Z", "datePublished": "2026-04-20T13:55:15.311Z", "dateUpdated": "2026-04-20T14:51:12.245Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-20T13:55:28.175Z"}, "title": "Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-915", "description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes", "type": "CWE"}]}], "affected": [{"vendor": "givanz", "product": "Vvveb", "repo": "https://github.com/givanz/Vvveb", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.8.1", "versionType": "semver"}, {"status": "unaffected", "version": "0eca14af50f038915b8bf7ceec2becf6b6720b0a", "versionType": "git"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Vvveb prior to\u00a01.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges, enabling plugin upload functionality for remote code execution.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Vvveb prior to&nbsp;1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges, enabling plugin upload functionality for remote code execution.<br>"}]}], "references": [{"url": "https://github.com/givanz/Vvveb/releases/tag/1.0.8.1", "tags": ["release-notes"]}, {"url": "https://github.com/givanz/Vvveb/commit/0eca14af50f038915b8bf7ceec2becf6b6720b0a", "tags": ["patch"]}, {"url": "https://www.vulncheck.com/advisories/vvveb-privilege-escalation-via-admin-user-save", "tags": ["third-party-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}}, {"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "credits": [{"lang": "en", "value": "Hamed Kohi of Delta Obscura", "type": "finder"}, {"lang": "en", "value": "VulnCheck", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T14:50:56.641018Z", "id": "CVE-2026-34427", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T14:51:12.245Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34427", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-20T14:50:56.641018Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T14:50:59.727Z"}}], "cna": {"title": "Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Hamed Kohi of Delta Obscura"}, {"lang": "en", "type": "coordinator", "value": "VulnCheck"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/givanz/Vvveb", "vendor": "givanz", "product": "Vvveb", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.8.1", "versionType": "semver"}, {"status": "unaffected", "version": "0eca14af50f038915b8bf7ceec2becf6b6720b0a", "versionType": "git"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/givanz/Vvveb/releases/tag/1.0.8.1", "tags": ["release-notes"]}, {"url": "https://github.com/givanz/Vvveb/commit/0eca14af50f038915b8bf7ceec2becf6b6720b0a", "tags": ["patch"]}, {"url": "https://www.vulncheck.com/advisories/vvveb-privilege-escalation-via-admin-user-save", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Vvveb prior to\u00a01.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges, enabling plugin upload functionality for remote code execution.", "supportingMedia": [{"type": "text/html", "value": "Vvveb prior to&nbsp;1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges, enabling plugin upload functionality for remote code execution.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-915", "description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-04-20T13:55:28.175Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34427", "state": "PUBLISHED", "dateUpdated": "2026-04-20T14:51:12.245Z", "dateReserved": "2026-03-27T15:24:06.752Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-04-20T13:55:15.311Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vvveb prior to\u00a01.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges, enabling plugin upload functionality for remote code execution."}], "id": "CVE-2026-34427", "lastModified": "2026-04-20T18:54:59.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-04-20T16:16:44.250", "references": [{"source": "disclosure@vulncheck.com", "url": "https://github.com/givanz/Vvveb/commit/0eca14af50f038915b8bf7ceec2becf6b6720b0a"}, {"source": "disclosure@vulncheck.com", "url": "https://github.com/givanz/Vvveb/releases/tag/1.0.8.1"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/vvveb-privilege-escalation-via-admin-user-save"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-915"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.0.8.1)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "code_commit", "value": "0eca14af50f038915b8bf7ceec2becf6b6720b0a"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Vvveb", "source": "cna", "vendor": "givanz"}, "product": "vvveb", "vendor": "givanz"}], "analysis": {"en": {"generated_at": "2026-04-20T15:21:11.473898+00:00", "value": {"mitigation_remediation": ["Upgrade Vvveb to version 1.0.8.1 or newer, which removes the privilege escalation vulnerability.", "Modify the admin/user/save endpoint to enforce strict authorization checks so that only users already holding Super Administrator privileges can alter the role_id field. This prevents lower\u2011level accounts from escalating privileges.", "Disable plugin upload capabilities or restrict them to verified administrators until the patch is applied, and monitor for any unauthorized privilege changes or plugin submissions."], "summary": {"action": "Patch Immediately", "impact": "Privilege Escalation to Super Administrator, enabling plugin upload and remote code execution"}, "threat_synthesis": {"affected_systems": "The affected product is Vvveb, with all releases older than 1.0.8.1 vulnerable. Users running these versions should consider the software current as unpatched.", "description_and_impact": "Vvveb prior to version 1.0.8.1 contains a flaw in the admin user profile save endpoint that allows an authenticated user to inject a role_id value of 1 into profile save requests. The resulting change elevates the attacker to Super Administrator status, which in turn provides access to plugin upload functionality and enables remote code execution. This weakness is mapped to CWE-915 (Insufficient Authorization).", "risk_and_exploitability": "The vulnerability has a CVSS score of 8.7, indicating a high severity risk. EPSS data is not available, and the issue is not listed in the CISA KEV catalog, suggesting that it is not known to be actively exploited in the wild yet, but the potential for privilege escalation and subsequent remote code execution makes it a critical concern. An attacker must first authenticate, then send a crafted request to the admin/user/save endpoint; successful exploitation results in super user privileges and the ability to upload malicious plugins."}}}}, "created": "2026-04-20T15:30:06.046078+00:00", "updated": "2026-04-20T15:30:06.166087+00:00", "vendors": ["givanz", "givanz$PRODUCT$vvveb"]}