CVE-2026-8127

MEDIUM 6.3

eladmin Users API Endpoint UserController.java checkLevel access control

CVSS Score

6.3

EPSS Score

0.0%

EPSS Percentile

10th

A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-284 CWE-266
Vendor	n/a
Product	eladmin
Published	May 8, 2026
Last Updated	May 8, 2026

Stay Ahead of the Next One

Get instant alerts for n/a eladmin

Be the first to know when new medium vulnerabilities affecting n/a eladmin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

n/a / eladmin

2.0 2.1 2.2 2.3 2.4 2.5 2.6 2.7

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/361917 vuldb.com: https://vuldb.com/vuln/361917/cti vuldb.com: https://vuldb.com/submit/808771 github.com: https://github.com/elunez/eladmin/issues/897

Credits

🔍 AliceS614 (VulDB User) VulDB CNA Team