CVE-2026-34381 - Vulnerability Analysis
High | CVSS: 7.5 | Last Updated: April 1, 2026
Admidio - Broken Access Control
Overview
Admidio 5.0.0 to < 5.0.8 contains an access control bypass: Apache ignores .htaccess files when AllowOverride None is set, so unauthenticated attackers can access uploaded documents directly over HTTP. Exploitation requires knowledge of the file path, which is disclosed in the upload response.
Impact
Unauthenticated attackers can access uploaded documents directly, bypassing role-based permissions, leading to sensitive information disclosure.
Mitigation
Update to version 5.0.8 or later.
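A configuration audit for the condition described in the Overview, as an added example that is not code from Admidio or from this advisory: given Apache configuration text and the directories that rely on a .htaccess file, it reports those where the effective AllowOverride is None, so the file is never read. The sample configuration and the /var/www/html document root are constructed assumptions; only plain `<Directory>` sections are handled (no wildcards, `<DirectoryMatch>` or Include files).

```python
import re
from pathlib import PurePosixPath

# Constructed sample config; /var/www/html is an assumed document root.
SAMPLE_CONF = """
<Directory />
    AllowOverride None
</Directory>
<Directory "/var/www/html">
    AllowOverride None
    Require all granted
</Directory>
<Directory /var/www/legacy>
    AllowOverride AuthConfig Limit
</Directory>
"""

DIR_OPEN = re.compile(r'^\s*<Directory\s+"?([^">]+?)"?\s*>', re.I)
DIR_CLOSE = re.compile(r'^\s*</Directory>', re.I)
OVERRIDE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.I)

def parse_overrides(conf_text):
    """Map each plain <Directory> path to the AllowOverride value set in it."""
    overrides, current = {}, None
    for line in conf_text.splitlines():
        if DIR_OPEN.match(line):
            current = PurePosixPath(DIR_OPEN.match(line).group(1))
        elif DIR_CLOSE.match(line):
            current = None
        elif current is not None and OVERRIDE.match(line):
            overrides[current] = OVERRIDE.match(line).group(1)
    return overrides

def effective_override(overrides, directory):
    """Most specific enclosing <Directory> wins; Apache 2.4 defaults to None."""
    directory = PurePosixPath(directory)
    enclosing = [p for p in overrides if p == directory or p in directory.parents]
    if not enclosing:
        return "None"
    return overrides[max(enclosing, key=lambda p: len(p.parts))]

def ignored_htaccess(conf_text, htaccess_dirs):
    """Return the directories whose .htaccess file Apache will not read."""
    overrides = parse_overrides(conf_text)
    return [d for d in htaccess_dirs
            if effective_override(overrides, d).lower() == "none"]
```

Any directory this returns needs its access rule enforced somewhere Apache actually evaluates it, or the files moved out of the web root.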
Social Media Activity (2 posts)
CVE-2026-34381 - High (7.5) Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache... https://www.thehackerwire.com/vulnerability/CVE-2026-34381/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-34381
- Severity: High
- CVSS Score: 7.5
- Type: broken_access_control
- Status: confirmed
- EPSS: 6.1%
- Social Posts: 2
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N