CVE-2026-13544 MEDIUM

CVE-2026-13544: Feehi CMS API users access control

Vendor Feehi
Product CMS
Weakness CWE-284
Published June 29, 2026
Last update June 29, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Key dates

02Disclosure timeline

June 29, 2026 CVE published
June 29, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-2734 Authorization Bypass in SearchModelVersions in mlflow/mlflow CVE-2026-24035 Horilla has Improper Access Control Issue that Allows Unauthorized Document Upload on Behalf of Another Employee CVE-2026-47269 pam_usb: deny_remote feature incorrectly classifies IPv4-mapped IPv6 remote connections as local CVE-2020-16241 Philips SureSigns VS4 Improper Access Control CVE-2024-5272 Run Details leak to guest via webhook event "custom_playbooks_playbook_run_updated"