CVSS 7.3 · HIGH

CVE-2026-7468

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Analysis

This vulnerability affects smart-admin, a niche administrative dashboard template. While it allows remote access control bypass and an exploit is public, the software is not a mainstream tool in the community's general stack. It does not warrant a broad alert compared to more widely used frameworks or infrastructure.

Severity

Score: 7.3 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
AV: NETWORK
AC: LOW
PR: NONE
UI: NONE
S: UNCHANGED
C: LOW
I: LOW
A: LOW
Weakness type (CWE): CWE-266, CWE-284

EPSS

Exploitation probability (next 30 days): 0.0005 (0.1%)
Percentile: 16.4%
EPSS: 2026-05-06

Published: 30/4/2026, 1:16:03
Last modified: 30/4/2026, 14:52:54
