{"id":"CVE-2026-55212","summary":"Pimcore: Insufficient Permission Check on Class Definition Creation Endpoint Allows Privilege Escalation","details":"Pimcore is an Open Source Data & Experience Management Platform. Prior to 2025.4.6 and 2026.1.6, the Studio API class definition creation endpoint POST /pimcore-studio/api/class/definition/configuration-view/detail/create is guarded by the objects permission instead of the classes permission, allowing a standard editor-level user to create class definitions without admin privileges. Class definition creation generates new database tables and PHP class files on the server, and missing API-layer UID format validation allows malformed UIDs to reach model-layer validation and return internal exceptions. This issue is fixed in versions 2025.4.6 and 2026.1.6.","aliases":["GHSA-f97c-ph8j-8vff"],"modified":"2026-07-15T01:49:18.768788308Z","published":"2026-07-09T20:53:36.900Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-285"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55212.json"},"references":[{"type":"WEB","url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2025.4.6"},{"type":"WEB","url":"https://github.com/pimcore/studio-backend-bundle/releases/tag/v2026.1.6"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55212.json"},{"type":"ADVISORY","url":"https://github.com/pimcore/pimcore/security/advisories/GHSA-f97c-ph8j-8vff"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-55212"},{"type":"FIX","url":"https://github.com/pimcore/studio-backend-bundle/commit/d1a4788c0f159c360d550c34256c8abbbd633ae0"},{"type":"FIX","url":"https://github.com/pimcore/studio-backend-bundle/pull/1886"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pimcore/pimcore","events":[{"introduced":"37c14edb2693c4632187e2e78b6915c62af43042"},{"fixed":"ad60bad41946c33bebb4fd42e03b0a575759de02"}],"database_specific":{"extracted_events":[{"introduced":"2026.1.0"},{"fixed":"2026.1.6"}],"source":"AFFECTED_FIELD"}},{"type":"GIT","repo":"https://github.com/pimcore/studio-backend-bundle","events":[{"introduced":"0"},{"fixed":"d1a4788c0f159c360d550c34256c8abbbd633ae0"},{"fixed":"37977276a6d861cb407f8150cec8d7d2e8ba944a"},{"fixed":"fbe595c65c0ec4c6598743edc91532135dacc86e"}],"database_specific":{"source":["AFFECTED_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"2025.4.6"}]}}],"versions":["v2026.1.5","v2026.1.4","v2026.1.3","v2026.1.2","v2026.1.1","v2026.1.0","v2025.4.5","v2025.4.4","v2025.4.3","v2025.4.2","v2025.4.1","v2025.4.0","v0.15.17","v0.14.19","v0.13.20","v0.12.18","v0.12.9","v0.10.21","v0.9.30","v0.6.30","v0.5.20","v0.4.30"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55212.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"}]}