Home / Vulnerability Intelligence / CVE-2026-34383

CVE-2026-34383 - Vulnerability Analysis

MediumCVSS: 4.3

Last Updated: April 1, 2026

Admidio - Cross Site Request Forgery

Published: March 31, 2026Updated: April 1, 2026PoC AvailableRemote Exploitable

Overview

Admidio < 5.0.8 contains a cross site request forgery caused by lack of CSRF token and form validation in inventory module's item_save endpoint, letting authenticated users bypass protections and save arbitrary data.

Severity & Score

Severity: Medium

CVSS Score: 4.3

Impact

Authenticated users can bypass CSRF and validation to modify inventory data arbitrarily, potentially compromising data integrity.

Mitigation

Update to version 5.0.8 or later.

References

https://github.com/Admidio/admidio/commit/00494b95dfe847af8b938e4397e5d909d8f36839
https://github.com/Admidio/admidio/security/advisories/GHSA-4rwm-c5mj-wh7x

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-34383
Severity: Medium
CVSS Score: 4.3
Type: cross_site_request_forgery
Status: confirmed

CWE

CWE-20

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N