Security Advisory

CVE-2026-34427

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-20 13:55:15
Last updated 2026-05-08 13:55:54
Assigner VulnCheck
State PUBLISHED

Description

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges, enabling plugin upload functionality for remote code execution.