CVE-2026-7468

Summary

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
1024-labsmart-admin3.0affected
1024-labsmart-admin3.1affected
1024-labsmart-admin3.2affected
1024-labsmart-admin3.3affected
1024-labsmart-admin3.4affected
1024-labsmart-admin3.5affected
1024-labsmart-admin3.6affected
1024-labsmart-admin3.7affected
1024-labsmart-admin3.8affected
1024-labsmart-admin3.9affected
1024-labsmart-admin3.10affected
1024-labsmart-admin3.11affected
1024-labsmart-admin3.12affected
1024-labsmart-admin3.13affected
1024-labsmart-admin3.14affected
1024-labsmart-admin3.15affected
1024-labsmart-admin3.16affected
1024-labsmart-admin3.17affected
1024-labsmart-admin3.18affected
1024-labsmart-admin3.19affected
1024-labsmart-admin3.20affected
1024-labsmart-admin3.21affected
1024-labsmart-admin3.22affected
1024-labsmart-admin3.23affected
1024-labsmart-admin3.24affected
1024-labsmart-admin3.25affected
1024-labsmart-admin3.26affected
1024-labsmart-admin3.27affected
1024-labsmart-admin3.28affected
1024-labsmart-admin3.29affected
1024-labsmart-admin3.30.0affected

Weaknesses

  • CWE-284: Improper Access Controls
  • CWE-266: Incorrect Privilege Assignment

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References