CVE-2026-30269 - Vulnerability Analysis
CriticalCVSS: 9.9Last Updated: April 20, 2026
Doorman - Broken Access Control
Overview
Doorman v0.1.0 and v1.0.2 contain a broken access control vulnerability caused by missing permission checks on the 'role' field in /platform/user/{username}, letting authenticated users escalate their privileges to non-admin high-privileged roles, exploit requires user authentication.
Severity & Score
Impact
Authenticated users can escalate their privileges to high-privileged roles, potentially compromising system integrity.
Mitigation
Update to a version that enforces proper permission checks on role updates or latest available version.
References
Social Media Activity(2 posts)
š“ CVE-2026-30269 - Critical (9.9) Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_use... š https://www.thehackerwire.com/vulnerability/CVE-2026-30269/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2026-30269 - Critical (9.9) Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_use... š https://www.thehackerwire.com/vulnerability/CVE-2026-30269/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-30269
- Severity
- Critical
- CVSS Score
- 9.9
- Type
- broken_access_control
- Status
- unconfirmed
- EPSS
- 0.0%
- Social Posts
- 2
CWE
- CWE-269
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L