Platform
php
Component
formwork
Fixed in
2.0.1
CVE-2026-27198 is a privilege escalation vulnerability in Formwork CMS, a flat-file content management system. An authenticated user with the 'editor' role can use this flaw to create new accounts with administrative privileges and so take full control of the CMS. The vulnerability affects versions 2.0.0 through 2.3.3 and is fixed in version 2.3.4.
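The pattern behind this class of bug is an authentication check without an authorization check on the account-creation handler. The following is a hypothetical illustration written for this page, not Formwork's own code: the role names, the rank table and the capability set are assumptions, and the vulnerable handler shows only the missing check, while the hardened handler adds the two checks a practitioner would expect (the caller may manage users, and may never grant a role above their own).

```python
"""Illustration of the authorization gap described for CVE-2026-27198.

Hypothetical code written for this page; it is NOT Formwork's implementation.
It models a panel handler that creates user accounts: the vulnerable version
only checks that the caller is authenticated, so an 'editor' can mint an
'admin'; the hardened version also checks that the caller is allowed to
manage users and may not grant a role above their own.
"""
from __future__ import annotations

from dataclasses import dataclass


class PermissionDenied(Exception):
    """Raised when the caller may not perform the requested action."""


# Assumed three-level role model, lowest to highest. Formwork's real role
# and permission scheme may differ; only the ranking matters here.
ROLE_RANK = {"user": 0, "editor": 1, "admin": 2}

# Assumed capability table: only admins may manage accounts.
CAN_MANAGE_USERS = {"admin"}


@dataclass
class User:
    username: str
    role: str


def create_user_vulnerable(caller: User | None, users: dict[str, User],
                           username: str, role: str) -> User:
    """Vulnerable pattern: authentication is checked, authorization is not.

    Any logged-in panel user can create an account with any role, including
    one above their own.
    """
    if caller is None:
        raise PermissionDenied("login required")
    if role not in ROLE_RANK:
        raise ValueError(f"unknown role: {role}")
    if username in users:
        raise ValueError(f"user exists: {username}")
    new = User(username, role)
    users[username] = new
    return new


def create_user_fixed(caller: User | None, users: dict[str, User],
                      username: str, role: str) -> User:
    """Hardened pattern: authenticate, then authorize both the action and the
    requested role before touching the account store."""
    if caller is None:
        raise PermissionDenied("login required")
    if caller.role not in CAN_MANAGE_USERS:
        raise PermissionDenied(f"role '{caller.role}' may not create accounts")
    if role not in ROLE_RANK:
        raise ValueError(f"unknown role: {role}")
    # Defence in depth: even a caller allowed to manage accounts must never
    # hand out a role ranked above their own.
    if ROLE_RANK[role] > ROLE_RANK[caller.role]:
        raise PermissionDenied(
            f"cannot grant role '{role}' above own role '{caller.role}'")
    if username in users:
        raise ValueError(f"user exists: {username}")
    new = User(username, role)
    users[username] = new
    return new


def escalation_succeeds(create) -> bool:
    """Run the escalation attempt an editor would make through `create`.

    Returns True if the editor ends up with an admin account in the store.
    """
    users = {"alice": User("alice", "editor")}  # constructed account store
    try:
        create(users["alice"], users, "mallory", "admin")
    except PermissionDenied:
        return False
    return users.get("mallory", User("", "")).role == "admin"


if __name__ == "__main__":
    for name, handler in (("vulnerable", create_user_vulnerable),
                          ("hardened", create_user_fixed)):
        outcome = "escalation" if escalation_succeeds(handler) else "blocked"
        print(f"{name} handler: {outcome}")
```

Running the block shows the editor obtaining an admin account through the first handler and being refused by the second. The second check (no role above your own) is what protects you even if a future change lets editors manage lower-ranked accounts.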
The impact of CVE-2026-27198 is significant. An attacker exploiting this vulnerability can gain complete administrative access to the Formwork CMS instance. This grants them the ability to modify website content, install malicious code, access sensitive data stored within the CMS, and potentially compromise the underlying server. The flat-file nature of Formwork means that data is often stored in plain text, increasing the risk of data exfiltration. Successful exploitation could lead to defacement, data breaches, and complete loss of control over the website.
CVE-2026-27198 was publicly disclosed on 2026-02-21. No public proof-of-concept (PoC) code had been released at the time of writing, but exploitation requires only an authenticated editor account and a request to the account-creation function, so it is straightforward. The current EPSS score is 0.02% (4th percentile), i.e. a low predicted probability of exploitation despite that simplicity. The vulnerability is not currently listed in the CISA KEV catalog.
Organizations using Formwork CMS, particularly those with multiple users and a reliance on the 'editor' role for content management, are at risk. Shared hosting environments where multiple CMS instances share the same server are also at increased risk, as a compromise of one instance could potentially lead to the compromise of others.
• php: Examine Formwork CMS configuration and account files for unusual user roles or permissions.
• generic web: Monitor access logs for POST requests to account creation endpoints with suspicious parameters.
• generic web: Check CMS logs for successful account creations with administrative roles by users with the 'editor' role.
# Example: grepping access logs for account creation attempts
# Adjust the path to your panel's user-creation route and the log file location
grep 'POST /admin/users/create' access.log
Disclosure
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS vector
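The grep above is a first pass; it misses a trailing slash or a query string on the path and says nothing about whether the request succeeded. The following detection script is an added example for this page, not Formwork's code: it parses combined-format access log lines, reports every POST to a watched account-creation route, and marks the ones that got a success or redirect status. The watched path is taken from the grep above and is an assumption (the panel prefix is deployment-specific), as is the success-status set; the sample log lines are constructed.

```python
"""Detection: flag POST requests to the panel's account-creation route.

Added example for this page (not Formwork's code). It parses Apache/nginx
combined-format access log lines and reports every POST to a watched path,
marking those that returned a success/redirect status. The watched paths
are assumptions: the page's grep uses /admin/users/create, and the panel
prefix is configurable, so adjust WATCH_PATHS to your deployment.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable

# Combined log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Assumed route; paths are normalised (query string and trailing slash dropped).
WATCH_PATHS = ("/admin/users/create",)

# A successful form POST typically answers 200 or redirects (302/303);
# 401/403 means the request was rejected. Assumed, adjust to your app.
SUCCESS_STATUSES = {200, 201, 302, 303}


@dataclass
class Hit:
    ip: str
    timestamp: str
    path: str
    status: int
    succeeded: bool


def _normalise(path: str) -> str:
    """Strip query string and trailing slash so /x/?a=1 matches /x."""
    return path.split("?", 1)[0].rstrip("/") or "/"


def find_account_creations(lines: Iterable[str],
                           watch_paths: tuple[str, ...] = WATCH_PATHS) -> list[Hit]:
    """Return one Hit per POST to a watched path, in log order."""
    watched = {_normalise(p) for p in watch_paths}
    hits: list[Hit] = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None or m["method"] != "POST":
            continue  # unparseable line, or not a write request
        path = _normalise(m["path"])
        if path not in watched:
            continue
        status = int(m["status"])
        hits.append(Hit(m["ip"], m["ts"], path, status, status in SUCCESS_STATUSES))
    return hits


def successes_by_ip(hits: Iterable[Hit]) -> Counter:
    """Count apparently successful account creations per source address."""
    return Counter(h.ip for h in hits if h.succeeded)


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Feb/2026:10:15:01 +0000] "GET /admin/users/create HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Feb/2026:10:15:09 +0000] "POST /admin/users/create HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/Feb/2026:10:15:40 +0000] "POST /admin/users/create/?x=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [21/Feb/2026:11:02:13 +0000] "POST /admin/users/create HTTP/1.1" 403 211 "-" "curl/8.5"',
    '198.51.100.2 - - [21/Feb/2026:11:02:20 +0000] "POST /admin/pages/save HTTP/1.1" 302 0 "-" "curl/8.5"',
    'garbage line that does not parse',
]


if __name__ == "__main__":
    found = find_account_creations(SAMPLE_LOG)
    for hit in found:
        flag = "SUCCESS" if hit.succeeded else "denied "
        print(f"{flag} {hit.timestamp} {hit.ip} {hit.path} {hit.status}")
    print("successful creations by IP:", dict(successes_by_ip(found)))
```

On the sample input the script reports three POSTs to the watched route, two of which redirected (likely successful creations from one address) and one that was denied. Every successful hit should be reconciled against the account store: an admin account created at that timestamp by an editor session is the signal this CVE leaves behind.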
The primary mitigation for CVE-2026-27198 is to upgrade Formwork CMS to version 2.3.4 or later immediately. If upgrading is not immediately feasible, reduce the attack surface: limit the number of 'editor' accounts to trusted users, and restrict the panel's user-management routes at the web server level (for example with an IP allow-list or an additional authentication layer). Note that the web server cannot distinguish CMS roles, so this does not restore the missing authorization check; it only limits who can reach it. Review user accounts and disable any administrative accounts you did not create. Monitor access logs for unusual activity, particularly account creation requests.
Update Formwork to version 2.3.4 or later. This version fixes the vulnerability that allows users with editor permissions to create accounts with administrator permissions. The update prevents the privilege escalation and protects the CMS from full compromise.
CVE-2026-27198 is a vulnerability in Formwork CMS where an authenticated editor can create admin accounts and so gain full control. It affects versions 2.0.0 through 2.3.3 and is rated HIGH severity.
You are affected if you are running Formwork CMS versions 2.0.0 through 2.3.3. Check your version and upgrade immediately if vulnerable.
Upgrade Formwork CMS to version 2.3.4 or later to resolve this vulnerability. If immediate upgrade is not possible, implement stricter role-based access controls.
As of now, there are no confirmed reports of active exploitation, but the vulnerability is easy to exploit for anyone holding an editor account, which makes it a likely target.
Refer to the Formwork CMS official website and security advisories for the latest information and updates regarding CVE-2026-27198.