CVE-2026-24134
- Source
- https://cve.org/CVERecord?id=CVE-2026-24134
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24134.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-24134
- Aliases
- Published
- 2026-01-27T23:34:55.922Z
- Modified
- 2026-03-14T12:49:49.940998Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- StudioCMS has an Authorization Bypass Through User-Controlled Key
- Details
-
StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-639", "CWE-862" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24134.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24134.json
- https://github.com/withstudiocms/studiocms/commit/efc10bee20db090fdd75463622c30dda390c50ad
- https://github.com/withstudiocms/studiocms/releases/tag/studiocms%400.2.0
- https://github.com/withstudiocms/studiocms/security/advisories/GHSA-8cw6-53m5-4932
- https://nvd.nist.gov/vuln/detail/CVE-2026-24134
Affected packages
Git / github.com/withstudiocms/studiocms
Affected ranges
- Type
- GIT
- Repo
- https://github.com/withstudiocms/studiocms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/withstudiocms/studiocms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0-beta.1
@astrolicious/studiocms-blog@0.*
@astrolicious/studiocms-blog@0.1.0-beta.2
@astrolicious/studiocms-blog@0.1.0-beta.3
@astrolicious/studiocms-blog@0.1.0-beta.4
@astrolicious/studiocms@0.*
@astrolicious/studiocms@0.1.0-beta.2
@astrolicious/studiocms@0.1.0-beta.3
@astrolicious/studiocms@0.1.0-beta.4
@studiocms/assets@0.*
@studiocms/assets@0.1.0-beta.5
@studiocms/assets@0.1.0-beta.6
@studiocms/assets@0.1.0-beta.7
@studiocms/auth0@0.*
@studiocms/auth0@0.1.0
@studiocms/auth0@0.1.0-beta.23
@studiocms/auth0@0.1.0-beta.24
@studiocms/auth0@0.1.0-beta.25
@studiocms/auth0@0.1.0-beta.26
@studiocms/auth0@0.1.0-beta.27
@studiocms/auth0@0.1.0-beta.28
@studiocms/auth0@0.1.0-beta.29
@studiocms/auth0@0.1.0-beta.30
@studiocms/auth0@0.1.0-beta.31
@studiocms/auth0@0.1.1
@studiocms/auth@0.*
@studiocms/auth@0.1.0-beta.5
@studiocms/auth@0.1.0-beta.6
@studiocms/auth@0.1.0-beta.7
@studiocms/betaresources@0.*
@studiocms/betaresources@0.1.0-beta.5
@studiocms/betaresources@0.1.0-beta.6
@studiocms/betaresources@0.1.0-beta.7
@studiocms/blog@0.*
@studiocms/blog@0.1.0
@studiocms/blog@0.1.0-beta.10
@studiocms/blog@0.1.0-beta.11
@studiocms/blog@0.1.0-beta.12
@studiocms/blog@0.1.0-beta.13
@studiocms/blog@0.1.0-beta.14
@studiocms/blog@0.1.0-beta.15
@studiocms/blog@0.1.0-beta.16
@studiocms/blog@0.1.0-beta.17
@studiocms/blog@0.1.0-beta.18
@studiocms/blog@0.1.0-beta.19
@studiocms/blog@0.1.0-beta.20
@studiocms/blog@0.1.0-beta.21
@studiocms/blog@0.1.0-beta.22
@studiocms/blog@0.1.0-beta.23
@studiocms/blog@0.1.0-beta.24
@studiocms/blog@0.1.0-beta.25
@studiocms/blog@0.1.0-beta.26
@studiocms/blog@0.1.0-beta.27
@studiocms/blog@0.1.0-beta.28
@studiocms/blog@0.1.0-beta.29
@studiocms/blog@0.1.0-beta.30
@studiocms/blog@0.1.0-beta.31
@studiocms/blog@0.1.0-beta.5
@studiocms/blog@0.1.0-beta.6
@studiocms/blog@0.1.0-beta.7
@studiocms/blog@0.1.0-beta.8
@studiocms/blog@0.1.0-beta.9
@studiocms/blog@0.1.1
@studiocms/cloudinary-image-service@0.*
@studiocms/cloudinary-image-service@0.1.0
@studiocms/cloudinary-image-service@0.1.0-beta.19
@studiocms/cloudinary-image-service@0.1.0-beta.20
@studiocms/cloudinary-image-service@0.1.0-beta.21
@studiocms/cloudinary-image-service@0.1.0-beta.22
@studiocms/cloudinary-image-service@0.1.0-beta.23
@studiocms/cloudinary-image-service@0.1.0-beta.24
@studiocms/cloudinary-image-service@0.1.0-beta.25
@studiocms/cloudinary-image-service@0.1.0-beta.26
@studiocms/cloudinary-image-service@0.1.0-beta.27
@studiocms/cloudinary-image-service@0.1.0-beta.28
@studiocms/cloudinary-image-service@0.1.0-beta.29
@studiocms/cloudinary-image-service@0.1.0-beta.30
@studiocms/cloudinary-image-service@0.1.0-beta.31
@studiocms/cloudinary-image-service@0.1.1
@studiocms/core@0.*
@studiocms/core@0.1.0-beta.5
@studiocms/core@0.1.0-beta.6
@studiocms/core@0.1.0-beta.7
@studiocms/dashboard@0.*
@studiocms/dashboard@0.1.0-beta.5
@studiocms/dashboard@0.1.0-beta.6
@studiocms/dashboard@0.1.0-beta.7
@studiocms/devapps@0.*
@studiocms/devapps@0.1.0
@studiocms/devapps@0.1.0-beta.10
@studiocms/devapps@0.1.0-beta.11
@studiocms/devapps@0.1.0-beta.12
@studiocms/devapps@0.1.0-beta.13
@studiocms/devapps@0.1.0-beta.14
@studiocms/devapps@0.1.0-beta.15
@studiocms/devapps@0.1.0-beta.16
@studiocms/devapps@0.1.0-beta.17
@studiocms/devapps@0.1.0-beta.18
@studiocms/devapps@0.1.0-beta.19
@studiocms/devapps@0.1.0-beta.20
@studiocms/devapps@0.1.0-beta.21
@studiocms/devapps@0.1.0-beta.22
@studiocms/devapps@0.1.0-beta.23
@studiocms/devapps@0.1.0-beta.24
@studiocms/devapps@0.1.0-beta.25
@studiocms/devapps@0.1.0-beta.26
@studiocms/devapps@0.1.0-beta.27
@studiocms/devapps@0.1.0-beta.28
@studiocms/devapps@0.1.0-beta.29
@studiocms/devapps@0.1.0-beta.30
@studiocms/devapps@0.1.0-beta.31
@studiocms/devapps@0.1.0-beta.8
@studiocms/devapps@0.1.0-beta.9
@studiocms/devapps@0.1.1
@studiocms/discord@0.*
@studiocms/discord@0.1.0
@studiocms/discord@0.1.0-beta.23
@studiocms/discord@0.1.0-beta.24
@studiocms/discord@0.1.0-beta.25
@studiocms/discord@0.1.0-beta.26
@studiocms/discord@0.1.0-beta.27
@studiocms/discord@0.1.0-beta.28
@studiocms/discord@0.1.0-beta.29
@studiocms/discord@0.1.0-beta.30
@studiocms/discord@0.1.0-beta.31
@studiocms/discord@0.1.1
@studiocms/frontend@0.*
@studiocms/frontend@0.1.0-beta.5
@studiocms/frontend@0.1.0-beta.6
@studiocms/frontend@0.1.0-beta.7
@studiocms/github@0.*
@studiocms/github@0.1.0
@studiocms/github@0.1.0-beta.23
@studiocms/github@0.1.0-beta.24
@studiocms/github@0.1.0-beta.25
@studiocms/github@0.1.0-beta.26
@studiocms/github@0.1.0-beta.27
@studiocms/github@0.1.0-beta.28
@studiocms/github@0.1.0-beta.29
@studiocms/github@0.1.0-beta.30
@studiocms/github@0.1.0-beta.31
@studiocms/github@0.1.1
@studiocms/google@0.*
@studiocms/google@0.1.0
@studiocms/google@0.1.0-beta.23
@studiocms/google@0.1.0-beta.24
@studiocms/google@0.1.0-beta.25
@studiocms/google@0.1.0-beta.26
@studiocms/google@0.1.0-beta.27
@studiocms/google@0.1.0-beta.28
@studiocms/google@0.1.0-beta.29
@studiocms/google@0.1.0-beta.30
@studiocms/google@0.1.0-beta.31
@studiocms/google@0.1.1
@studiocms/html@0.*
@studiocms/html@0.1.0
@studiocms/html@0.1.0-beta.22
@studiocms/html@0.1.0-beta.23
@studiocms/html@0.1.0-beta.24
@studiocms/html@0.1.0-beta.25
@studiocms/html@0.1.0-beta.26
@studiocms/html@0.1.0-beta.27
@studiocms/html@0.1.0-beta.28
@studiocms/html@0.1.0-beta.29
@studiocms/html@0.1.0-beta.30
@studiocms/html@0.1.0-beta.31
@studiocms/html@0.1.1
@studiocms/imagehandler@0.*
@studiocms/imagehandler@0.1.0-beta.5
@studiocms/imagehandler@0.1.0-beta.6
@studiocms/imagehandler@0.1.0-beta.7
@studiocms/markdoc@0.*
@studiocms/markdoc@0.1.0
@studiocms/markdoc@0.1.0-beta.13
@studiocms/markdoc@0.1.0-beta.14
@studiocms/markdoc@0.1.0-beta.15
@studiocms/markdoc@0.1.0-beta.16
@studiocms/markdoc@0.1.0-beta.17
@studiocms/markdoc@0.1.0-beta.18
@studiocms/markdoc@0.1.0-beta.19
@studiocms/markdoc@0.1.0-beta.20
@studiocms/markdoc@0.1.0-beta.21
@studiocms/markdoc@0.1.0-beta.22
@studiocms/markdoc@0.1.0-beta.23
@studiocms/markdoc@0.1.0-beta.24
@studiocms/markdoc@0.1.0-beta.25
@studiocms/markdoc@0.1.0-beta.26
@studiocms/markdoc@0.1.0-beta.27
@studiocms/markdoc@0.1.0-beta.28
@studiocms/markdoc@0.1.0-beta.29
@studiocms/markdoc@0.1.0-beta.30
@studiocms/markdoc@0.1.0-beta.31
@studiocms/markdoc@0.1.1
@studiocms/md@0.*
@studiocms/md@0.1.0
@studiocms/md@0.1.0-beta.22
@studiocms/md@0.1.0-beta.23
@studiocms/md@0.1.0-beta.24
@studiocms/md@0.1.0-beta.25
@studiocms/md@0.1.0-beta.26
@studiocms/md@0.1.0-beta.27
@studiocms/md@0.1.0-beta.28
@studiocms/md@0.1.0-beta.29
@studiocms/md@0.1.0-beta.30
@studiocms/md@0.1.0-beta.31
@studiocms/md@0.1.1
@studiocms/mdx@0.*
@studiocms/mdx@0.1.0
@studiocms/mdx@0.1.0-beta.13
@studiocms/mdx@0.1.0-beta.14
@studiocms/mdx@0.1.0-beta.15
@studiocms/mdx@0.1.0-beta.16
@studiocms/mdx@0.1.0-beta.17
@studiocms/mdx@0.1.0-beta.18
@studiocms/mdx@0.1.0-beta.19
@studiocms/mdx@0.1.0-beta.20
@studiocms/mdx@0.1.0-beta.21
@studiocms/mdx@0.1.0-beta.22
@studiocms/mdx@0.1.0-beta.23
@studiocms/mdx@0.1.0-beta.24
@studiocms/mdx@0.1.0-beta.25
@studiocms/mdx@0.1.0-beta.26
@studiocms/mdx@0.1.0-beta.27
@studiocms/mdx@0.1.0-beta.28
@studiocms/mdx@0.1.0-beta.29
@studiocms/mdx@0.1.0-beta.30
@studiocms/mdx@0.1.0-beta.31
@studiocms/mdx@0.1.1
@studiocms/migrator@0.*
@studiocms/migrator@0.1.0
@studiocms/migrator@0.1.0-beta.1
@studiocms/migrator@0.1.1
@studiocms/renderers@0.*
@studiocms/renderers@0.1.0-beta.5
@studiocms/renderers@0.1.0-beta.6
@studiocms/renderers@0.1.0-beta.7
@studiocms/robotstxt@0.*
@studiocms/robotstxt@0.1.0-beta.5
@studiocms/robotstxt@0.1.0-beta.6
@studiocms/robotstxt@0.1.0-beta.7
@studiocms/s3-storage@0.*
@studiocms/s3-storage@0.1.0
@studiocms/s3-storage@0.1.1
@studiocms/wysiwyg@0.*
@studiocms/wysiwyg@0.1.0
@studiocms/wysiwyg@0.1.0-beta.24
@studiocms/wysiwyg@0.1.0-beta.25
@studiocms/wysiwyg@0.1.0-beta.26
@studiocms/wysiwyg@0.1.0-beta.27
@studiocms/wysiwyg@0.1.0-beta.28
@studiocms/wysiwyg@0.1.0-beta.29
@studiocms/wysiwyg@0.1.0-beta.30
@studiocms/wysiwyg@0.1.0-beta.31
@studiocms/wysiwyg@0.1.1
@withstudiocms/auth-kit@0.*
@withstudiocms/auth-kit@0.1.0
@withstudiocms/auth-kit@0.1.0-beta.1
@withstudiocms/auth-kit@0.1.0-beta.2
@withstudiocms/auth-kit@0.1.0-beta.3
@withstudiocms/auth-kit@0.1.0-beta.4
@withstudiocms/auth-kit@0.1.0-beta.5
@withstudiocms/auth-kit@0.1.0-beta.6
@withstudiocms/auth-kit@0.1.1
@withstudiocms/buildkit@0.*
@withstudiocms/buildkit@0.1.0
@withstudiocms/buildkit@0.1.0-beta.1
@withstudiocms/buildkit@0.1.0-beta.2
@withstudiocms/buildkit@0.1.0-beta.3
@withstudiocms/buildkit@0.1.0-beta.4
@withstudiocms/buildkit@0.1.0-beta.5
@withstudiocms/buildkit@0.1.0-beta.6
@withstudiocms/component-registry@0.*
@withstudiocms/component-registry@0.1.0
@withstudiocms/component-registry@0.1.0-beta.1
@withstudiocms/component-registry@0.1.0-beta.2
@withstudiocms/component-registry@0.1.0-beta.3
@withstudiocms/component-registry@0.1.0-beta.4
@withstudiocms/component-registry@0.1.0-beta.5
@withstudiocms/component-registry@0.1.0-beta.6
@withstudiocms/component-registry@0.1.0-beta.7
@withstudiocms/component-registry@0.1.1
@withstudiocms/config-utils@0.*
@withstudiocms/config-utils@0.1.0
@withstudiocms/config-utils@0.1.0-beta.1
@withstudiocms/config-utils@0.1.0-beta.2
@withstudiocms/config-utils@0.1.0-beta.3
@withstudiocms/config-utils@0.1.0-beta.4
@withstudiocms/config-utils@0.1.0-beta.5
@withstudiocms/effect@0.*
@withstudiocms/effect@0.1.0
@withstudiocms/effect@0.1.0-beta.1
@withstudiocms/effect@0.1.0-beta.2
@withstudiocms/effect@0.1.0-beta.3
@withstudiocms/effect@0.1.0-beta.4
@withstudiocms/effect@0.1.0-beta.5
@withstudiocms/effect@0.1.0-beta.6
@withstudiocms/effect@0.1.0-beta.7
@withstudiocms/internal_helpers@0.*
@withstudiocms/internal_helpers@0.1.0
@withstudiocms/internal_helpers@0.1.0-beta.1
@withstudiocms/internal_helpers@0.1.0-beta.2
@withstudiocms/internal_helpers@0.1.0-beta.3
@withstudiocms/internal_helpers@0.1.0-beta.4
@withstudiocms/kysely@0.*
@withstudiocms/kysely@0.1.0
@withstudiocms/kysely@0.1.0-beta.1
@withstudiocms/sdk@0.*
@withstudiocms/sdk@0.1.0
@withstudiocms/sdk@0.1.0-beta.1
@withstudiocms/sdk@0.1.1
@withstudiocms/template-lang@0.*
@withstudiocms/template-lang@0.1.0
@withstudiocms/template-lang@0.1.0-beta.1
studiocms@0.*
studiocms@0.1.0
studiocms@0.1.0-beta.10
studiocms@0.1.0-beta.11
studiocms@0.1.0-beta.12
studiocms@0.1.0-beta.13
studiocms@0.1.0-beta.14
studiocms@0.1.0-beta.15
studiocms@0.1.0-beta.16
studiocms@0.1.0-beta.17
studiocms@0.1.0-beta.18
studiocms@0.1.0-beta.19
studiocms@0.1.0-beta.20
studiocms@0.1.0-beta.21
studiocms@0.1.0-beta.22
studiocms@0.1.0-beta.23
studiocms@0.1.0-beta.24
studiocms@0.1.0-beta.25
studiocms@0.1.0-beta.26
studiocms@0.1.0-beta.27
studiocms@0.1.0-beta.28
studiocms@0.1.0-beta.29
studiocms@0.1.0-beta.30
studiocms@0.1.0-beta.31
studiocms@0.1.0-beta.5
studiocms@0.1.0-beta.6
studiocms@0.1.0-beta.7
studiocms@0.1.0-beta.8
studiocms@0.1.0-beta.9
studiocms@0.1.1