CVE-2026-27012 - Vulnerability Analysis
Severity: Critical | CVSS: 9.8 | Last Updated: March 5, 2026
OpenSTAManager - Authentication Bypass & Privilege Escalation
Overview
OpenSTAManager <= 2.9.8 contains a privilege escalation and authentication bypass vulnerability. The script modules/utenti/actions.php can be called directly, without the authentication check the application normally applies, and it accepts arbitrary changes to a user's group membership. An attacker can therefore escalate privileges without holding any special privileges beforehand.
Severity & Score
Impact
Attackers can escalate privileges by changing user groups, potentially gaining administrative access to the application.
Mitigation
Update to a version later than 2.9.8. Until the update is applied, restrict access to the affected script and monitor web server logs for requests to it.
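Monitoring web server logs for the direct-call pattern described above, as an added example that is not code from this page or from the OpenSTAManager project: it parses combined-format access-log lines, flags requests to modules/utenti/actions.php that arrive without an in-application Referer (the "no Referer means direct call" heuristic is an assumption), and counts the flagged requests per source address. The log lines, addresses and host name are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample access-log lines in combined log format (not real traffic).
# The "admin" line carries an in-app Referer; the others hit the script directly.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Mar/2026:10:12:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Mar/2026:10:12:02 +0000] "POST /modules/utenti/actions.php HTTP/1.1" 200 312 "-" "python-requests/2.31"
198.51.100.9 - admin [05/Mar/2026:10:15:30 +0000] "POST /modules/utenti/actions.php HTTP/1.1" 200 312 "https://osm.example.test/" "Mozilla/5.0"
203.0.113.7 - - [05/Mar/2026:10:12:05 +0000] "POST /modules/utenti/actions.php HTTP/1.1" 200 312 "-" "python-requests/2.31"
192.0.2.44 - - [05/Mar/2026:10:20:00 +0000] "GET /modules/utenti/actions.php HTTP/1.1" 302 0 "-" "curl/8.4"
"""

# Combined log format: ip ident authuser [timestamp] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Script named in the advisory; the path may be mounted under a prefix, so we match the suffix.
TARGET_PATH = "/modules/utenti/actions.php"


def parse_line(line):
    """Return a dict of log fields, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_direct_calls(log_text):
    """Return records for requests to the affected script that carry no Referer.

    Heuristic (assumption): normal use of the script happens from within the
    application, so the browser sends a Referer; a direct call usually does not.
    """
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]  # drop any query string before comparing
        if path.endswith(TARGET_PATH) and rec["referer"] == "-":
            findings.append(rec)
    return findings


def summarize(findings):
    """Count flagged requests per source address for triage."""
    return Counter(rec["ip"] for rec in findings)


if __name__ == "__main__":
    hits = find_direct_calls(SAMPLE_LOG)
    for rec in hits:
        print(f"{rec['ts']} {rec['ip']} {rec['method']} {rec['path']} -> {rec['status']} ({rec['ua']})")
    print("per-source counts:", dict(summarize(hits)))
```

The Referer header is client-controlled, so a missing or present Referer is a triage signal rather than proof of misuse; correlate flagged requests with the application's own audit trail (group-membership changes in the user table) and treat the update itself as the actual fix.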
Social Media Activity (2 posts)
CVE-2026-27012 - Critical (9.8) OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's ... https://www.thehackerwire.com/vulnerability/CVE-2026-27012/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

⚠️ CRITICAL: OpenSTAManager <=2.9.8 hit by CVE-2026-27012 (CVSS 9.8). Unauthenticated users can escalate privileges by altering user group IDs via modules/utenti/actions.php. Restrict access & monitor logs! Details: https://radar.offseq.com/threat/cve-2026-27012-cwe-306-missing-authentication-for--435d22b5 #OffSeq #infosec #CVE202627012
Details
- CVE ID: CVE-2026-27012
- Severity: Critical
- CVSS Score: 9.8
- Type: broken_authentication
- Status: confirmed
- EPSS: 3.0%
- Social Posts: 2
CWE
- CWE-306
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H