pkg:npm/studiocms

7 total CVEs: HIGH 2, MEDIUM 4, LOW 1

All known vulnerabilities

  • HIGH 8.8 | CVE-2026-30944 | StudioCMS has Privilege Escalation via Insecure API Token Generation
    from 0, < 0.4.0
  • HIGH 7.1 | CVE-2026-30945 | StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
    from 0, < 0.4.0
  • MEDIUM 6.8 | CVE-2026-32103 | StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation
    from 0, < 0.4.3
  • MEDIUM 6.5 | CVE-2026-24134 | StudioCMS has Authorization Bypass Through User-Controlled Key
    from 0, < 0.2.0
  • MEDIUM 5.4 | CVE-2026-32104 | StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings
    from 0, < 0.4.3
  • MEDIUM 4.7 | CVE-2026-32106 | StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts
    from 0, < 0.4.3
  • LOW 2.7 | CVE-2026-32638 | StudioCMS REST getUsers Exposes Owner Account Records to Admin Tokens
    from 0, < 0.4.4