CVE 8.7 HIGH

Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save_CVE-2026-34427

April 20, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges, enabling plugin upload functionality for remote code execution.

AI Analysis

Privilege escalation vulnerability in Vvveb admin user profile save endpoint

Basic Information

ID CVE-2026-34427

Source VulnCheck

Published Apr 20, 2026 at 13:55

Affected Product

Vendor givanz

Product Vvveb

Affected Versions givanz Vvveb 0

CWE Classification

CWE-915

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor givanz

Product Vvveb

Version < 1.0.8.1

References

{
    "lastseen": "",
    "description": "Vvveb prior to\u00a01.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attackers can inject role_id=1 into profile save requests to escalate to Super Administrator privileges, enabling plugin upload functionality for remote code execution.",
    "published": "2026-04-20T13:55:15.311Z",
    "modified": "2026-04-20T13:55:28.175Z",
    "type": "cve",
    "title": "Vvveb < 1.0.8.1 Privilege Escalation via admin/user/save",
    "source": "VulnCheck",
    "references": "https://github.com/givanz/Vvveb/releases/tag/1.0.8.1\nhttps://github.com/givanz/Vvveb/commit/0eca14af50f038915b8bf7ceec2becf6b6720b0a\nhttps://www.vulncheck.com/advisories/vvveb-privilege-escalation-via-admin-user-save",
    "id": "CVE-2026-34427",
    "bulletinFamily": "",
    "cwe": [
        "CWE-915"
    ],
    "cvelist": null,
    "sourceData": "givanz Vvveb 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Vvveb",
    "version": "0",
    "vendor": "givanz",
    "ai_description": "Privilege escalation vulnerability in Vvveb admin user profile save endpoint",
    "ai_severity": "High",
    "ai_vendor": "givanz",
    "ai_product": "Vvveb",
    "ai_version": "< 1.0.8.1",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply