Doorman

doorman

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Doorman

doorman

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-30269 1Doorman 1Doorman Apr 27, 2026 Apr 20, 2026 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update...Show more Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_users permission check for self-updates, enabling privilege escalation to high-privileged roles.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2026-30269

1Doorman

Apr 27, 2026

Apr 20, 2026

N/A· v4

9.9 CRITICAL· v3

N/A· v2

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_users permission check for self-updates, enabling privilege escalation to high-privileged roles.Show less