Bludit CMS has improper authorization and mediation failure leading to...

8.8 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized access to the system. Version 3.22.0 fixes the issue.

AI Analysis

Broken Access Control flaw allowing revoked users to maintain full unauthorized access to the system via "Ghost Session"

Basic Information

ID CVE-2026-46656

Source GitHub_M

Published Jun 8, 2026 at 14:51

Affected Product

Vendor bludit

Product bludit

Version < 3.22.0

Affected Versions bludit bludit < 3.22.0

CWE Classification

CWE-285 CWE-613

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Bludit

Product Bludit CMS

Version < 3.22.0

References

{
    "lastseen": "",
    "description": "Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been  physically deleted from the database. This \"Ghost Session\" allows revoked users to maintain full unauthorized access to the system. Version 3.22.0 fixes the issue.",
    "published": "2026-06-08T14:51:32.720Z",
    "modified": "2026-06-08T14:51:32.720Z",
    "type": "cve",
    "title": "Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions",
    "source": "GitHub_M",
    "references": "https://github.com/bludit/bludit/security/advisories/GHSA-rpq2-j9w3-h4jw\nhttps://github.com/bludit/bludit/commit/7931d1c55a3cc535911a9901c328f0197afe1c9f\nhttps://github.com/bludit/bludit/releases/tag/3.22.0",
    "id": "CVE-2026-46656",
    "bulletinFamily": "",
    "cwe": [
        "CWE-285",
        "CWE-613"
    ],
    "cvelist": null,
    "sourceData": "bludit bludit < 3.22.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "bludit",
    "version": "< 3.22.0",
    "vendor": "bludit",
    "ai_description": "Broken Access Control flaw allowing revoked users to maintain full unauthorized access to the system via \"Ghost Session\"",
    "ai_severity": "High",
    "ai_vendor": "Bludit",
    "ai_product": "Bludit CMS",
    "ai_version": "< 3.22.0",
    "ai_score": 8.8
}

Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions_CVE-2026-46656