{"id":"CVE-2026-32755","summary":"Admidio is Missing CSRF Protection on Role Membership Date Changes","details":"Admidio is an open-source user management solution. In versions 5.0.6 and below, the save_membership action in modules/profile/profile_function.php saves changes to a member's role membership start and end dates but does not validate the CSRF token. The handler checks stop_membership and remove_former_membership against the CSRF token but omits save_membership from that check. Because membership UUIDs appear in the HTML source visible to authenticated users, an attacker can embed a crafted POST form on any external page and trick a role leader into submitting it, silently altering membership dates for any member of roles the victim leads. A role leader's session can be silently exploited via CSRF to manipulate any member's membership dates, terminating access by backdating, covertly extending unauthorized access, or revoking role-restricted features, all without confirmation, notification, or administrative approval. This issue has been fixed in version 5.0.7.","aliases":["GHSA-h8gr-qwr6-m9gx"],"modified":"2026-04-10T05:42:28.763076Z","published":"2026-03-19T22:53:09.081Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32755.json","cwe_ids":["CWE-352"]},"references":[{"type":"WEB","url":"https://github.com/Admidio/admidio/releases/tag/v5.0.7"},{"type":"ADVISORY","url":"https://github.com/Admidio/admidio/security/advisories/GHSA-h8gr-qwr6-m9gx"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32755.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32755"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/admidio/admidio","events":[{"introduced":"0"},{"fixed":"c06fc2f5491170013b4af2b5d6888bc62a3edbf9"}]}],"versions":["3.0-Beta.1","3.0-Beta.3","v3.0.6","v3.1.5","v3.2-Beta.1","v34","v4.0-Beta.1","v4.1-Beta.2","v4.3-Beta.1","v5.0-Beta.1","v5.0-Beta.2","v5.0-Beta.3","v5.0.0","v5.0.1","v5.0.2","v5.0.3","v5.0.4","v5.0.5","v5.0.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32755.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N"}]}