A vulnerability classified as critical was found in Admin API up to 0.7.x. This impacts an unknown function of the file /api/admin/staff/permissions_update. The manipulation results in improper access controls.

This vulnerability is reported as CVE-2026-53645. The attack can be launched remotely. No exploit exists.