Vvveb Privilege Escalation: RCE via Admin Profile Modification

The National Vulnerability Database has disclosed CVE-2026-34427, a critical privilege escalation flaw in Vvveb prior to version 1.0.8.1. The flaw lets an authenticated user tamper with requests to the admin user profile save endpoint: by injecting role_id=1 into a profile save request, the attacker elevates their own account to Super Administrator.

This privilege escalation is a direct path to remote code execution (RCE). Once an attacker holds Super Administrator status, they can upload plugins, and that functionality can readily be abused to deploy malicious code, giving the attacker full control over the compromised Vvveb instance.

With a CVSS score of 8.8 (High), this vulnerability presents a significant risk. Low attack complexity and no required user interaction make it readily exploitable by any authenticated user. Defenders must prioritize patching to mitigate the severe impact of potential system compromise, data exfiltration, and service disruption.

What This Means For You

  • If your organization uses Vvveb, check your version immediately: any instance running a version prior to 1.0.8.1 is critically vulnerable, so patch to 1.0.8.1 or newer without delay. Audit logs for suspicious privilege changes or plugin uploads, especially from authenticated but non-administrative users, since this chain is a direct path to RCE.
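The audit recommended above, as an added example that is not Vvveb project code: it scans a constructed application audit log for profile saves that carry a role_id from a non-super-admin account, and for plugin uploads by an account that appeared earlier in the log as non-administrative. The log format, endpoint paths and field names are assumptions.

```python
import re
from urllib.parse import parse_qsl

SUPER_ADMIN_ROLE = 1                        # role_id=1 is Super Administrator (per the advisory)
PROFILE_SAVE = "/admin/user/profile/save"   # assumed endpoint path, not Vvveb's real route
PLUGIN_UPLOAD = "/admin/plugins/upload"     # assumed endpoint path, not Vvveb's real route

# Constructed sample audit log (assumed format):
#   <ts> user=<name> role=<role_id before the request> POST <path> <url-encoded body>
SAMPLE_LOG = """\
2026-04-21T09:02:11Z user=editor role=3 POST /admin/user/profile/save name=Editor+One&email=editor%40example.test
2026-04-21T09:02:40Z user=editor role=3 POST /admin/user/profile/save name=Editor+One&role_id=1
2026-04-21T09:03:05Z user=editor role=1 POST /admin/plugins/upload plugin=site-tools.zip
2026-04-21T09:10:00Z user=root role=1 POST /admin/user/profile/save name=Root&role_id=1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) role=(?P<role>\d+) POST (?P<path>\S+) ?(?P<body>.*)$"
)

def analyze(log_text: str) -> list[dict]:
    """Return one finding per suspicious request, in log order."""
    findings = []
    seen_non_admin: set[str] = set()  # accounts observed with a non-super-admin role
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an admin POST in the assumed format; ignore
        user, role, path = m["user"], int(m["role"]), m["path"]
        fields = dict(parse_qsl(m["body"]))
        if path == PROFILE_SAVE and "role_id" in fields:
            # A profile save must never change the caller's own role. A role_id that
            # differs from the caller's current, non-super-admin role is the
            # CVE-2026-34427 pattern.
            if role != SUPER_ADMIN_ROLE and fields["role_id"] != str(role):
                findings.append({"ts": m["ts"], "user": user, "kind": "role_tamper",
                                 "requested_role": fields["role_id"]})
        elif path == PLUGIN_UPLOAD and user in seen_non_admin:
            # Plugin upload by an account that was non-administrative earlier in
            # this log: the post-escalation step that leads to RCE.
            findings.append({"ts": m["ts"], "user": user, "kind": "plugin_upload_after_escalation"})
        if role != SUPER_ADMIN_ROLE:
            seen_non_admin.add(user)
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```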

Related ATT&CK Techniques and Detection Rules

  • Vvveb Admin Profile Privilege Escalation - CVE-2026-34427 (severity: critical; MITRE ATT&CK T1078.002, Privilege Escalation). One detection rule, provided as Sigma YAML and in 6 SIEM formats.

Indicators of Compromise

  • CVE-2026-34427 (Privilege Escalation): Vvveb prior to 1.0.8.1
  • CVE-2026-34427 (Privilege Escalation): admin user profile save endpoint
  • CVE-2026-34427 (Privilege Escalation): inject role_id=1 into profile save requests
  • CVE-2026-34427 (RCE): plugin upload functionality

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: April 20, 2026 at 19:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
