CVE 9.8 CRITICAL

CVE-2026-31070_CVE-2026-31070

May 20, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body

AI Analysis

Privilege escalation vulnerability in the LalanaChami Pharmacy Management System due to insufficient validation of the role parameter during user registration

Basic Information

ID CVE-2026-31070

Source mitre

Published May 19, 2026 at 00:00

Modified May 20, 2026 at 13:55

Affected Product

Vendor LalanaChami

Product LalanaChami Pharmacy Management System

Version 5c3d028

Affected Versions n/a n/a n/a

CWE Classification

CWE-269

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor LalanaChami

Product LalanaChami Pharmacy Management System

Version 5c3d028

References

{
    "lastseen": "",
    "description": "The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body",
    "published": "2026-05-19T00:00:00.000Z",
    "modified": "2026-05-20T13:55:31.179Z",
    "type": "cve",
    "title": "CVE-2026-31070",
    "source": "mitre",
    "references": "https://github.com/LalanaChami/Pharmacy-Mangment-System/blob/5c3d02888631166649856f71d542387114b3010b/backend/routes/user.js#L16\nhttps://gist.github.com/nedlir/22bf6d1a3a07209be3e343744bc81d51",
    "id": "CVE-2026-31070",
    "bulletinFamily": "",
    "cwe": [
        "CWE-269"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LalanaChami Pharmacy Management System",
    "version": "5c3d028",
    "vendor": "LalanaChami",
    "ai_description": "Privilege escalation vulnerability in the LalanaChami Pharmacy Management System due to insufficient validation of the role parameter during user registration",
    "ai_severity": "Critical",
    "ai_vendor": "LalanaChami",
    "ai_product": "LalanaChami Pharmacy Management System",
    "ai_version": "5c3d028",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply