Platform
php
Component
admidio/admidio
Fixed version
5.0.1
5.0.8
CVE-2026-34382 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the admidio/admidio component. This flaw allows an attacker to silently delete list configurations within admidio, posing a significant risk to users with administrative privileges. The vulnerability affects versions of admidio up to and including v5.0.7, and a fix is available in version 5.0.8.
The primary impact of CVE-2026-34382 is the unauthorized deletion of admidio list configurations. An attacker can craft a malicious page that, when visited by an authenticated admidio user, triggers the deletion of these configurations. This is particularly concerning for users with administrator rights, as they can inadvertently delete organization-wide shared lists, disrupting workflows and potentially causing data loss. The attack relies on social engineering to lure the victim to the malicious page, making user awareness a crucial factor in mitigating the risk. The scope of the impact depends on the permissions of the compromised user; an administrator's actions could affect a much larger group.
CVE-2026-34382 was publicly disclosed on 2026-03-31. No known public proof-of-concept (POC) exploits are currently available, but the CSRF nature of the vulnerability makes it relatively straightforward to exploit. The vulnerability is not currently listed on the CISA KEV catalog. Given the ease of exploitation and the potential impact, organizations should prioritize patching.
Organizations using admidio, particularly those with shared list configurations managed by administrators, are at risk. Environments with limited security awareness training or those relying on default admidio configurations are especially vulnerable. Shared hosting environments where multiple users share the same admidio instance also face increased risk.
• php: Examine admidio logs for unusual deletion events, particularly those originating from unexpected IP addresses.
• generic web: Monitor access logs for requests to modules/groups-roles/mylist_function.php with suspicious parameters.
• generic web: Use a web application firewall (WAF) to detect and block requests lacking a valid CSRF token for sensitive actions.
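As an added example (not part of the advisory), this Python snippet applies the access-log check from the detection guidance above: it flags hits on modules/groups-roles/mylist_function.php whose Referer is missing or belongs to another origin, the signature of a request triggered from a lure page rather than from admidio's own UI. The sample log lines, the site host members.example.org and the query parameters (mode, list_uuid) are constructed placeholders, not admidio's real parameter names.

```python
import re
from urllib.parse import urlsplit

# Endpoint named in the advisory's detection guidance.
TARGET_PATH = "/modules/groups-roles/mylist_function.php"

# Apache/nginx "combined" log format, including Referer and User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def flag_csrf_candidates(lines, site_host):
    """Return (ip, method, url, referer, reason) for requests to the list endpoint
    whose Referer is absent or points at a different origin than site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or urlsplit(m["url"]).path != TARGET_PATH:
            continue
        ref = m["referer"]
        if ref in ("", "-"):
            reason = "no referer"
        else:
            ref_host = (urlsplit(ref).hostname or "").lower()
            if ref_host == site_host.lower():
                continue  # same-origin: expected when the admin used the admidio UI
            reason = f"cross-origin referer {ref_host}"
        hits.append((m["ip"], m["method"], m["url"], ref, reason))
    return hits

# Constructed sample traffic: one legitimate same-origin call, two CSRF-shaped calls,
# one unrelated request. Parameter names are placeholders, not admidio's own.
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Mar/2026:10:00:01 +0000] "GET /modules/groups-roles/mylist_function.php?mode=delete&list_uuid=PLACEHOLDER HTTP/1.1" 302 0 "https://members.example.org/modules/groups-roles/mylist.php" "Mozilla/5.0"',
    '198.51.100.7 - - [31/Mar/2026:10:02:13 +0000] "GET /modules/groups-roles/mylist_function.php?mode=delete&list_uuid=PLACEHOLDER HTTP/1.1" 302 0 "https://evil.example.net/lure.html" "Mozilla/5.0"',
    '198.51.100.9 - - [31/Mar/2026:10:03:44 +0000] "GET /modules/groups-roles/mylist_function.php?mode=delete&list_uuid=PLACEHOLDER HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [31/Mar/2026:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in flag_csrf_candidates(SAMPLE_LOG, "members.example.org"):
        print(hit)
```

Browsers and privacy extensions may strip the Referer, so a "no referer" hit is a triage signal to correlate with admidio's own deletion events, not proof of an attack.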
disclosure
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The recommended mitigation for CVE-2026-34382 is to immediately upgrade admidio to version 5.0.8 or later, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing temporary workarounds. While a direct WAF rule to block CSRF attacks is generally applicable, it's less effective here due to the reliance on user interaction. Review admidio's configuration to ensure the principle of least privilege is enforced, limiting the potential impact of a compromised administrator account. Monitor admidio logs for suspicious deletion activity. After upgrading, confirm the fix by attempting to trigger a list deletion via a crafted CSRF request and verifying that the action is blocked.
Update Admidio to version 5.0.8 or later. This version fixes the Cross-Site Request Forgery (CSRF) vulnerability in the deletion of custom lists. The update prevents attackers from exploiting this vulnerability to delete list configurations without authorization.
CVE-2026-34382 is a Cross-Site Request Forgery (CSRF) vulnerability in admidio/admidio versions up to v5.0.7, allowing attackers to delete list configurations without authorization.
You are affected if you are using admidio/admidio versions 5.0.7 or earlier. Upgrade to 5.0.8 or later to mitigate the risk.
Upgrade admidio/admidio to version 5.0.8 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting administrator access.
While no public exploits are currently known, the CSRF nature of the vulnerability suggests a potential for exploitation. Proactive patching is recommended.
Refer to the admidio project's official website or GitHub repository for the latest security advisories and release notes.