CVE-2026-34384 describes a Cross-Site Request Forgery (CSRF) vulnerability in Admidio, an open-source user management solution. This flaw allows an attacker to approve pending user registrations without proper authentication, potentially leading to unauthorized account creation and access. The vulnerability impacts versions of Admidio up to and including 5.0.8. A fix is available in version 5.0.8.
The primary impact of this CSRF vulnerability lies in the ability of an attacker to bypass the intended registration process and create new user accounts within the Admidio system. By crafting malicious links or requests, an attacker can trick a legitimate user into approving a registration request they did not initiate. This can lead to the creation of unauthorized accounts with potentially elevated privileges, depending on the Admidio configuration. The attacker could leverage these accounts for malicious purposes, such as data theft, system compromise, or further attacks within the network. The lack of CSRF protection on the approval actions (createuser, assignmember, assign_user) makes this vulnerability particularly concerning.
This vulnerability was publicly disclosed on 2026-03-31. There are currently no known public exploits or active campaigns targeting this specific vulnerability. The vulnerability's impact is moderate due to the requirement of knowing the user UUID and potentially tricking a user into clicking a malicious link. It is not currently listed on the CISA KEV catalog.
Organizations using Admidio for user management, particularly those running versions prior to 5.0.8, are at risk. Shared hosting environments where multiple users share the same Admidio instance are especially vulnerable, as an attacker could potentially compromise accounts belonging to other users.
• php / server: locate the registration module and check whether the approval parameter is read from the GET request (-path is used because -name only matches the file name, never a path with a slash):
find /var/www/html/admidio -path '*/modules/registration.php' -print0 | xargs -0 grep -iE 'GET.*approve|approve.*GET'
• generic web: request the approval endpoint with a placeholder UUID (the URL is quoted so the shell does not interpret the query string):
curl -I 'https://your-admidio-domain.com/modules/registration.php?approve=YOUR_UUID'
Inspect the response headers for any unexpected behavior or error messages.
• php / server: review PHP-FPM logs for suspicious requests to the registration.php endpoint:
journalctl -u php-fpm | grep -i 'registration.php'
EPSS: 0.02% (4th percentile)
The recommended mitigation for CVE-2026-34384 is to immediately upgrade Admidio to version 5.0.8 or later, which includes the necessary CSRF protection. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests to the /modules/registration.php endpoint with the approve parameter in the GET request. Additionally, review and restrict access to the Admidio installation to minimize the potential attack surface. After upgrading, confirm the fix by attempting to trigger a registration approval via a crafted URL and verifying that the action is blocked or requires proper authentication.
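As an added detection example (not code from the advisory or from the Admidio project), the following Python script applies the log-review and WAF criteria above to web-server access-log lines: it flags requests to /modules/registration.php that carry the approve parameter or one of the approval modes named above (createuser, assignmember, assign_user) when they arrive via GET or with a missing or foreign Referer. The exact parameter names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip ident user [time] "METHOD target PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Approval actions named in the advisory; parameter naming is an assumption.
APPROVAL_MODES = {"createuser", "assignmember", "assign_user"}
ENDPOINT = "/modules/registration.php"

def is_approval_request(target: str) -> bool:
    """True if the request target is the registration endpoint with an approval parameter."""
    parts = urlsplit(target)
    if not parts.path.endswith(ENDPOINT):
        return False
    qs = parse_qs(parts.query)
    if "approve" in qs:
        return True
    return any(m in APPROVAL_MODES for m in qs.get("mode", []))

def find_suspicious(log_lines, site_host: str):
    """Return (ip, target, reason) for approval requests that look forged:
    any approval via GET, and any approval with a missing or foreign Referer."""
    findings = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or not is_approval_request(m["target"]):
            continue
        reasons = []
        if m["method"] == "GET":
            reasons.append("state-changing approval via GET")
        ref_host = urlsplit(m["referer"]).netloc if m["referer"] != "-" else ""
        if ref_host != site_host:
            reasons.append("cross-origin or missing Referer (%s)" % (ref_host or "none"))
        if reasons:
            findings.append((m["ip"], m["target"], "; ".join(reasons)))
    return findings

# Constructed sample lines (not real traffic); hosts use reserved example names.
SAMPLE_LOG = [
    '203.0.113.5 - - [31/Mar/2026:10:00:01 +0000] "GET /modules/registration.php?approve=PLACEHOLDER-UUID HTTP/1.1" 302 0 "https://evil.example/lure.html" "Mozilla/5.0"',
    '198.51.100.7 - - [31/Mar/2026:10:00:02 +0000] "POST /modules/registration.php?mode=createuser HTTP/1.1" 303 0 "https://admidio.example/modules/registration.php" "Mozilla/5.0"',
    '198.51.100.9 - - [31/Mar/2026:10:00:03 +0000] "GET /modules/registration.php HTTP/1.1" 200 5120 "https://admidio.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG, "admidio.example"):
        print(finding)
```

Only the first sample line is reported; the POST with a same-site Referer and the plain GET of the form page pass the filter.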
Update Admidio to version 5.0.8 or later. This version includes the fix for the CSRF vulnerability in the user registration approval actions. With the update, an attacker can no longer approve pending user registrations without proper validation.
CVE-2026-34384 is a Cross-Site Request Forgery (CSRF) vulnerability affecting Admidio versions 5.0.8 and earlier, allowing unauthorized user account creation.
Yes, if you are running Admidio version 5.0.8 or earlier, you are vulnerable to this CSRF attack.
Upgrade Admidio to version 5.0.8 or later to resolve this vulnerability. Consider WAF rules as a temporary workaround.
As of now, there are no confirmed reports of active exploitation of CVE-2026-34384.
Refer to the official Admidio website and security advisories for the latest information and updates regarding CVE-2026-34384.