CVE-2026-7468

HIGH 7.3

1024-lab smart-admin Demo Site index.html access control

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-284 CWE-266
Vendor	1024-lab
Product	smart-admin
Published	Apr 30, 2026

Stay Ahead of the Next One

Get instant alerts for 1024-lab smart-admin

Be the first to know when new high vulnerabilities affecting 1024-lab smart-admin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

1024-lab / smart-admin

3.0 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11 3.12 3.13 3.14 3.15 3.16 3.17 3.18 3.19 3.20 3.21 3.22 3.23 3.24 3.25 3.26 3.27 3.28 3.29 3.30.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/360204 vuldb.com: https://vuldb.com/vuln/360204/cti vuldb.com: https://vuldb.com/submit/804228 github.com: https://github.com/1024-lab/smart-admin/issues/117 github.com: https://github.com/1024-lab/smart-admin/

Credits

🔍 renyu (VulDB User) VulDB CNA Team