1024-lab smart-admin Demo Site index.html access control_CVE-2026-7468

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-7468

Source VulDB

Published Apr 30, 2026 at 01:00

Affected Product

Vendor 1024-lab

Product smart-admin

Version 3.0

Affected Versions 1024-lab smart-admin 3.0
1024-lab smart-admin 3.1
1024-lab smart-admin 3.2
1024-lab smart-admin 3.3
1024-lab smart-admin 3.4
1024-lab smart-admin 3.5
1024-lab smart-admin 3.6
1024-lab smart-admin 3.7
1024-lab smart-admin 3.8
1024-lab smart-admin 3.9
1024-lab smart-admin 3.10
1024-lab smart-admin 3.11
1024-lab smart-admin 3.12
1024-lab smart-admin 3.13
1024-lab smart-admin 3.14
1024-lab smart-admin 3.15
1024-lab smart-admin 3.16
1024-lab smart-admin 3.17
1024-lab smart-admin 3.18
1024-lab smart-admin 3.19
1024-lab smart-admin 3.20
1024-lab smart-admin 3.21
1024-lab smart-admin 3.22
1024-lab smart-admin 3.23
1024-lab smart-admin 3.24
1024-lab smart-admin 3.25
1024-lab smart-admin 3.26
1024-lab smart-admin 3.27
1024-lab smart-admin 3.28
1024-lab smart-admin 3.29
1024-lab smart-admin 3.30.0

CWE Classification

CWE-284 CWE-266

References

{
    "lastseen": "",
    "description": "A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-04-30T01:00:13.571Z",
    "modified": "2026-04-30T01:00:13.571Z",
    "type": "cve",
    "title": "1024-lab smart-admin Demo Site index.html access control",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360204\nhttps://vuldb.com/vuln/360204/cti\nhttps://vuldb.com/submit/804228\nhttps://github.com/1024-lab/smart-admin/issues/117\nhttps://github.com/1024-lab/smart-admin/",
    "id": "CVE-2026-7468",
    "bulletinFamily": "",
    "cwe": [
        "CWE-284",
        "CWE-266"
    ],
    "cvelist": null,
    "sourceData": "1024-lab smart-admin 3.0\n1024-lab smart-admin 3.1\n1024-lab smart-admin 3.2\n1024-lab smart-admin 3.3\n1024-lab smart-admin 3.4\n1024-lab smart-admin 3.5\n1024-lab smart-admin 3.6\n1024-lab smart-admin 3.7\n1024-lab smart-admin 3.8\n1024-lab smart-admin 3.9\n1024-lab smart-admin 3.10\n1024-lab smart-admin 3.11\n1024-lab smart-admin 3.12\n1024-lab smart-admin 3.13\n1024-lab smart-admin 3.14\n1024-lab smart-admin 3.15\n1024-lab smart-admin 3.16\n1024-lab smart-admin 3.17\n1024-lab smart-admin 3.18\n1024-lab smart-admin 3.19\n1024-lab smart-admin 3.20\n1024-lab smart-admin 3.21\n1024-lab smart-admin 3.22\n1024-lab smart-admin 3.23\n1024-lab smart-admin 3.24\n1024-lab smart-admin 3.25\n1024-lab smart-admin 3.26\n1024-lab smart-admin 3.27\n1024-lab smart-admin 3.28\n1024-lab smart-admin 3.29\n1024-lab smart-admin 3.30.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "smart-admin",
    "version": "3.0",
    "vendor": "1024-lab",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}