CVE-2026-30944: StudioCMS has Privilege Escalation via Insecure API Token Generation
The /studiocms_api/dashboard/api-tokens endpoint allows any authenticated user (at least Editor) to generate API tokens for any other user, including owner and admin accounts. The endpoint fails to validate whether the requesting user is authorized to create tokens on behalf of the target user ID, resulting in a full privilege escalation.
References
- github.com/advisories/GHSA-667w-mmh7-mrr4
- github.com/withstudiocms/studiocms
- github.com/withstudiocms/studiocms/commit/9eec9c3b45523b635cfe16d55aa55afabacbebe3
- github.com/withstudiocms/studiocms/commit/f4a209fc090c90195e2419fff47b48a46eab7441
- github.com/withstudiocms/studiocms/releases/tag/studiocms%400.4.0
- github.com/withstudiocms/studiocms/releases/tag/studiocms@0.4.0
- github.com/withstudiocms/studiocms/security/advisories/GHSA-667w-mmh7-mrr4
- nvd.nist.gov/vuln/detail/CVE-2026-30944
Code Behaviors & Features
Detect and mitigate CVE-2026-30944 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →