CVE-2026-2896 | funadmin up to 7.1.0-rc4 Configuration Ajax.php setConfig improper authorization

Inserito da Angelo Barbosa | Feb 20, 2026 | CVE

A vulnerability was found in funadmin up to 7.1.0-rc4. It has been declared as critical. This affects the function setConfig of the file app/backend/controller/Ajax.php of the component Configuration Handler. Executing a manipulation can lead to improper authorization.

This vulnerability is handled as CVE-2026-2896. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2896 | funadmin up to 7.1.0-rc4 Configuration Ajax.php setConfig improper authorization

Post correlati

CVE-2024-26491 | Media Gallery with Description Module 2.33 Gallery name cross site scripting

CVE-2024-57162 | Campcodes Cybercafe Management System 1.0 view-user-detail.php sql injection

CVE-2025-53927 | MaxKB up to 1.x shutil.copy2 code injection

CVE-2024-50134 | Linux Kernel up to 5.15.169/6.1.114/6.6.58/6.11.5 vboxvideo vbva_mouse_pointer_shape allocation of resources