Platform
php
Component
formwork
Fixed in
2.0.1
CVE-2026-27198 is a privilege escalation vulnerability discovered in Formwork CMS, a flat file-based content management system. An authenticated user with the 'editor' role can exploit this flaw to create new accounts with administrative privileges, effectively gaining full control over the CMS. This vulnerability impacts versions 2.0.0 through 2.3.3 and has been resolved in version 2.3.4.
The impact of CVE-2026-27198 is significant. An attacker successfully exploiting this vulnerability can gain complete administrative access to the Formwork CMS instance. This allows them to modify content, install malicious plugins or themes, steal sensitive data stored within the CMS, and potentially pivot to other systems on the network. The flat-file architecture of Formwork means that data is stored in plain text, making it particularly vulnerable to data exfiltration if an attacker gains control. The ability to create admin accounts effectively bypasses all security controls intended to protect the CMS, leading to a complete compromise of the system.
CVE-2026-27198 was publicly disclosed on 2026-02-21. Currently, there are no known public exploits or active campaigns targeting this vulnerability. It is not listed on the CISA KEV catalog as of this writing. The ease of exploitation, given the requirement of only an authenticated 'editor' account, suggests that it could become a target for opportunistic attackers.
Organizations using Formwork CMS, particularly those with multiple users and a reliance on the 'editor' role for content management, are at risk. Shared hosting environments where multiple CMS instances share the same server are also at increased risk, as a compromise of one instance could potentially lead to the compromise of others.
• php: Examine Formwork CMS configuration files for unusual user roles or permissions.
• generic web: Monitor access logs for POST requests to account creation endpoints with suspicious parameters.
• generic web: Check CMS logs for successful account creations with administrative roles by users with the 'editor' role.
# Example: Grepping access logs for account creation attempts
grep 'POST /admin/users/create' access.log
Disclosure
Exploit status
EPSS
0.02% (4th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-27198 is to immediately upgrade Formwork CMS to version 2.3.4 or later. If upgrading is not immediately feasible, consider implementing stricter role-based access controls within the CMS, although this is not a complete solution. Review user accounts and permissions to identify any suspicious activity. Monitor CMS logs for unusual account creation attempts. While a WAF cannot directly prevent this vulnerability, it can help detect and block suspicious requests related to account creation. After upgrading, verify the fix by attempting to create a new user with administrative privileges using an editor account; the creation should be denied.
Update Formwork to version 2.3.4 or later. This version fixes the vulnerability that allows users with editor privileges to create accounts with administrator privileges. The update stops the privilege escalation and protects the CMS from complete compromise.
CVE-2026-27198 is a vulnerability in Formwork CMS where an editor can create admin accounts, gaining full control. It affects versions 2.0.0 through 2.3.3 and is rated HIGH severity.
You are affected if you are running Formwork CMS versions 2.0.0 through 2.3.3. Check your version and upgrade immediately if vulnerable.
Upgrade Formwork CMS to version 2.3.4 or later to resolve this vulnerability. If immediate upgrade is not possible, implement stricter role-based access controls.
As of now, there are no confirmed reports of active exploitation, but the vulnerability's ease of exploitation makes it a potential target.
Refer to the Formwork CMS official website and security advisories for the latest information and updates regarding CVE-2026-27198.