ByteOS Network

NVD Vulnerability Details :

CVE-2026-43934

Received

Source-security-advisories@github.com

Published At-26 May, 2026 | 16:16

Updated At-26 May, 2026 | 18:16

e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends only on a predictable identifier in the request to determine which comment to edit, without confirming the requesting user’s ownership of the comment. This vulnerability is fixed in 2.3.4.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Weaknesses

CWE ID	Type	Source
CWE-284	Secondary	security-advisories@github.com
CWE-639	Secondary	security-advisories@github.com

CWE ID: CWE-284

Type: Secondary

Source: security-advisories@github.com

CWE ID: CWE-639

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/e107inc/e107/commit/23961a8f	security-advisories@github.com	N/A
https://github.com/e107inc/e107/security/advisories/GHSA-5w63-63rh-99q6	security-advisories@github.com	N/A
https://github.com/e107inc/e107/security/advisories/GHSA-5w63-63rh-99q6	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A