LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2026-34427

CVE-2026-34427 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: April 20, 2026

Vvveb - Privilege Escalation

Published: April 20, 2026Updated: April 20, 2026Remote Exploitable

Overview

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability caused by improper validation in the admin user profile save endpoint, letting authenticated users escalate to Super Administrator privileges by injecting role_id=1, exploit requires authentication.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 0.0%(Probability of exploitation in next 30 days)

Impact

Authenticated users can escalate privileges to Super Administrator, enabling remote code execution via plugin upload.

Mitigation

Update to version 1.0.8.1 or later.

References

Social Media Activity(4 posts)

TheHackerWire
TheHackerWire
@thehackerwire
Apr 20, 2026

šŸŸ  CVE-2026-34427 - High (8.8) Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save reques... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-34427/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 20, 2026

šŸŸ  CVE-2026-34427 - High (8.8) Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save reques... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-34427/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 20, 2026

šŸŸ  CVE-2026-34427 - High (8.8) Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save reques... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-34427/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post
TheHackerWire
TheHackerWire
@thehackerwire
Apr 20, 2026

šŸŸ  CVE-2026-34427 - High (8.8) Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save reques... šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2026-34427/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2026-34427
Severity
High
CVSS Score
8.8
Type
broken_access_control
Status
rejected
EPSS
0.0%
Social Posts
4

CWE

  • CWE-915

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.0%Probability of exploitation in the next 30 days