CVE-2026-34572 - Vulnerability Analysis
HighCVSS: 8.8Last Updated: April 1, 2026
CI4MS - Broken Access Control
Published: April 1, 2026Updated: April 1, 2026Remote Exploitable
Overview
CI4MS before 0.31.0.0 contains a broken access control vulnerability caused by failure to revoke active sessions on account deactivation, letting attackers with active sessions retain unauthorized access indefinitely, exploit requires active session.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers with active sessions can maintain unauthorized access indefinitely despite account deactivation, breaking access control policies.
Mitigation
Update to version 0.31.0.0 or later.
References
Related Resources
Details
- CVE ID
- CVE-2026-34572
- Severity
- High
- CVSS Score
- 8.8
- Type
- broken_access_control
- Status
- new
CWE
- CWE-284
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H