Home / Vulnerability Intelligence / CVE-2026-34382

CVE-2026-34382 - Vulnerability Analysis

MediumCVSS: 4.6

Last Updated: April 1, 2026

Admidio - Cross-Site Request Forgery

Published: March 31, 2026Updated: April 1, 2026PoC AvailableRemote Exploitable

Overview

Admidio 5.0.0 to < 5.0.8 contains a cross-site request forgery caused by missing CSRF token validation in delete mode handler in mylist_function.php, letting attackers trick authenticated users to delete list configurations silently, exploit requires user interaction.

Severity & Score

Severity: Medium

CVSS Score: 4.6

Impact

Attackers can cause authenticated users to delete list configurations, potentially destroying organization-wide shared lists if the user is an administrator.

Mitigation

Upgrade to version 5.0.8 or later.

References

https://github.com/Admidio/admidio/commit/317ec91ad3baf19d4179db6c32413812eb36d7ca
https://github.com/Admidio/admidio/security/advisories/GHSA-g3mx-8jm6-rc85

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34382
Severity: Medium
CVSS Score: 4.6
Type: cross_site_request_forgery
Status: confirmed

CWE

CWE-352

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L