Platform
php
Component
admidio
Fixed in
5.0.9
CVE-2026-34384 describes a Cross-Site Request Forgery (CSRF) vulnerability in Admidio, an open-source user management solution. This flaw allows an attacker to approve pending user registrations without proper authentication, potentially leading to unauthorized account creation and access. The vulnerability impacts versions of Admidio up to and including 5.0.8. A fix is available in version 5.0.8.
The primary impact of this CSRF vulnerability lies in the ability of an attacker to bypass the intended registration process and create new user accounts within the Admidio system. By crafting malicious links or requests, an attacker can trick a legitimate user into approving a registration request they did not initiate. This can lead to the creation of unauthorized accounts with potentially elevated privileges, depending on the Admidio configuration. The attacker could leverage these accounts for malicious purposes, such as data theft, system compromise, or further attacks within the network. The lack of CSRF protection on the approval actions (createuser, assignmember, assign_user) makes this vulnerability particularly concerning.
This vulnerability was publicly disclosed on 2026-03-31. There are currently no known public exploits or active campaigns targeting this specific vulnerability. The vulnerability's impact is moderate due to the requirement of knowing the user UUID and potentially tricking a user into clicking a malicious link. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.02% (4% percentile)
CISA SSVC
CVSS Vector
The recommended mitigation for CVE-2026-34384 is to immediately upgrade Admidio to version 5.0.8 or later, which includes the necessary CSRF protection. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests to the /modules/registration.php endpoint with the approve parameter in the GET request. Additionally, review and restrict access to the Admidio installation to minimize the potential attack surface. After upgrading, confirm the fix by attempting to trigger a registration approval via a crafted URL and verifying that the action is blocked or requires proper authentication.
Update Admidio to version 5.0.8 or higher. This version includes a fix for the CSRF vulnerability in user registration approval actions. The update will prevent attackers from approving pending user registrations without proper validation.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-34384 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Admidio versions 5.0.8 and earlier, allowing unauthorized user account creation.
Yes, if you are running Admidio version 5.0.8 or earlier, you are vulnerable to this CSRF attack.
Upgrade Admidio to version 5.0.8 or later to resolve this vulnerability. Consider WAF rules as a temporary workaround.
As of now, there are no confirmed reports of active exploitation of CVE-2026-34384.
Refer to the official Admidio website and security advisories for the latest information and updates regarding CVE-2026-34384.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.