CVE-2026-32812

Source
https://cve.org/CVERecord?id=CVE-2026-32812
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32812.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-32812
Aliases
Published
2026-03-20T01:58:05.390Z
Modified
2026-04-10T05:43:08.406766Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
Summary
Admidio Vulnerable to SSRF and Local File Read via Unrestricted URL Fetch in SSO Metadata Endpoint
Details

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, unrestricted URL fetch in the SSO Metadata API can result in SSRF and local file reads. The SSO Metadata fetch endpoint at modules/sso/fetchmetadata.php accepts an arbitrary URL via $_GET['url'], validates it only with PHP's FILTER_VALIDATE_URL, and passes it directly to file_get_contents(). FILTER_VALIDATE_URL accepts file://, http://, ftp://, data://, and php:// scheme URIs. An authenticated administrator can use this endpoint to read arbitrary local files via the file:// wrapper (Local File Read), reach internal services via http:// (SSRF), or fetch cloud instance metadata. The full response body is returned verbatim to the caller. This issue has been fixed in version 5.0.7.
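The following is an added example, not Admidio's source and not the 5.0.7 fix. It reduces the flow described above to a hypothetical vulnerable_fetch() (syntax check with FILTER_VALIDATE_URL, then file_get_contents()), shows which of a constructed set of URLs that filter lets through, and places a hardened safe_fetch_metadata() beside it. The function names, the resolve_all() helper, the probe URLs and the size limit are assumptions for illustration; the point is that FILTER_VALIDATE_URL validates syntax, not destination, so scheme, host and resolved address have to be checked separately and the connection pinned to the address that was checked.

```php
<?php
declare(strict_types=1);

// Hypothetical reduction of the flow the advisory describes (not Admidio's source).
// FILTER_VALIDATE_URL checks URL syntax only, so every scheme PHP's stream
// wrappers understand reaches file_get_contents() unchanged.
function vulnerable_fetch(string $url): string|false
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    return file_get_contents($url);   // honours file://, php://, data://, ftp:// ...
}

// Returns the subset of $urls that FILTER_VALIDATE_URL lets through.
function accepted_by_filter_validate_url(array $urls): array
{
    return array_values(array_filter(
        $urls,
        fn(string $u): bool => filter_var($u, FILTER_VALIDATE_URL) !== false
    ));
}

// Hardened replacement (illustrative): scheme allow-list, no userinfo, resolve once,
// reject loopback/private/link-local targets, pin curl to the vetted address, refuse redirects.
function safe_fetch_metadata(string $url, int $maxBytes = 1_000_000): string
{
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        throw new InvalidArgumentException('URL must be absolute http(s) with a host');
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        throw new InvalidArgumentException("scheme '$scheme' is not allowed");
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        throw new InvalidArgumentException('userinfo in URL is not allowed');
    }
    $host = trim($parts['host'], '[]');                 // parse_url keeps brackets on IPv6 literals
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);

    $ips = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : resolve_all($host);
    if ($ips === []) {
        throw new RuntimeException("could not resolve $host");   // fail closed
    }
    foreach ($ips as $ip) {
        // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16, fc00::/7
        // NO_RES_RANGE:  0/8, 127/8, 169.254/16 (covers 169.254.169.254), 240/4, ::1, ::, ::ffff:0:0/96, fe80::/10
        if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            throw new RuntimeException("refusing internal address $ip for $host");
        }
    }

    $body = '';
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_FOLLOWLOCATION => false,                     // a 302 to file:// or 169.254.169.254 would skip the checks
        CURLOPT_RESOLVE        => ["$host:$port:{$ips[0]}"], // pin to the vetted IP: defeats DNS rebinding
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_WRITEFUNCTION  => function ($ch, string $chunk) use (&$body, $maxBytes): int {
            $body .= $chunk;
            return strlen($body) > $maxBytes ? 0 : strlen($chunk);   // returning 0 aborts the transfer
        },
    ]);
    $ok     = curl_exec($ch);
    $err    = curl_error($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($ok === false) {
        throw new RuntimeException("fetch failed: $err");
    }
    if ($status !== 200) {
        throw new RuntimeException("unexpected HTTP status $status");
    }
    return $body;
}

// A and AAAA records for $host; empty array on lookup failure.
function resolve_all(string $host): array
{
    $ips = [];
    foreach (dns_get_record($host, DNS_A | DNS_AAAA) ?: [] as $rr) {
        $ips[] = $rr['ip'] ?? $rr['ipv6'];
    }
    return $ips;
}

// Constructed probe URLs: all pass FILTER_VALIDATE_URL; safe_fetch_metadata() rejects
// each one before any network I/O (bad scheme, missing host, or reserved address).
$probe = [
    'file:///etc/passwd',
    'php://filter/convert.base64-encode/resource=config.php',
    'data://text/plain;base64,SGVsbG8=',
    'http://169.254.169.254/latest/meta-data/',
    'http://127.0.0.1:8080/',
];
echo "FILTER_VALIDATE_URL accepts ", count(accepted_by_filter_validate_url($probe)), " of ", count($probe), "\n";
foreach ($probe as $u) {
    try {
        safe_fetch_metadata($u);
        echo "ALLOWED  $u\n";
    } catch (Throwable $e) {
        echo "REJECTED $u: {$e->getMessage()}\n";
    }
}
```

Two caveats a reviewer would raise on the hardened version. First, the two FILTER_FLAG ranges are a baseline, not a complete list: 100.64.0.0/10, 192.0.0.0/24, multicast and any cloud-specific internal ranges need explicit CIDR checks or, better, an egress proxy that enforces the policy outside the application. Second, the resolve-then-check step only holds because CURLOPT_RESOLVE pins the connection to the address that was checked; without the pin, a short-TTL record can answer a public address during the check and an internal one when curl connects. Redirects are refused outright here; following them safely means re-running the whole check on each hop. Non-canonical literals such as http://2130706433/ or http://0x7f000001/ are not IPs to FILTER_VALIDATE_IP and do not resolve, so they fall through to the fail-closed branch rather than being reinterpreted by curl.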

Database specific
{
    "cwe_ids": [
        "CWE-918"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32812.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/Admidio/admidio

Affected ranges

Type
GIT
Repo
https://github.com/Admidio/admidio
Events
Database specific
{
    "versions": [
        {
            "introduced": "5.0.0"
        },
        {
            "last_affected": "5.0.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/admidio/admidio
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

3.*
3.0-Beta.1
3.0-Beta.3
v3.*
v3.0.6
v3.1.5
v3.2-Beta.1
Other
v34
v4.*
v4.0-Beta.1
v4.1-Beta.2
v4.3-Beta.1
v5.*
v5.0-Beta.1
v5.0-Beta.2
v5.0-Beta.3
v5.0.0
v5.0.1
v5.0.2
v5.0.3
v5.0.4
v5.0.5
v5.0.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32812.json"