Cyber Resilience

CVE-2026-30269

CriticalPublic PoC

Published: 20 April 2026

Published
20 April 2026
Modified
27 April 2026
KEV Added
Patch
CVSS Score v3.1 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
EPSS Score 0.0028 20.0th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-30269 is a critical-severity Improper Privilege Management (CWE-269) vulnerability in Doorman Doorman. Its CVSS base score is 9.9 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 20.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-30269, published on 2026-04-20, is an improper access control vulnerability (CWE-269) in Doorman versions v0.1.0 and v1.0.2. It enables any authenticated user to update their own account role to a non-admin privileged role via the /platform/user/{username} endpoint. The update model accepts the `role` field without enforcing a manage_users permission check for self-updates, allowing unauthorized privilege escalation to high-privileged roles. The issue carries a CVSS v3.1 base score of 9.9 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L).

Any low-privileged authenticated user can exploit this vulnerability remotely with low complexity and no user interaction required. Exploitation involves sending a crafted request to the vulnerable endpoint to modify their own role, achieving privilege escalation to high-privileged roles. This grants attackers high impact on confidentiality and integrity, with scope expansion due to the escalated permissions, alongside low availability impact.

Mitigation details are available in the referenced advisory at https://blog.orxiain.life/archives/cve-2026-30269---improper-access-control-in-doorman-allows-privilege-escalation and the Doorman GitHub repository at https://github.com/apidoorman/doorman.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Improper access control in Doorman v0.1.0 and v1.0.2 allows any authenticated user to update their own account role to a non-admin privileged role via /platform/user/{username}. The `role` field is accepted by the update model without a manage_users permission check for…

more

self-updates, enabling privilege escalation to high-privileged roles.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct improper access control flaw in role-update endpoint allows low-privileged authenticated users to escalate to high-privileged roles via crafted request, matching exploitation for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-23896Shared CWE-269
CVE-2025-27639Shared CWE-269
CVE-2025-8899Shared CWE-269
CVE-2025-26705Shared CWE-269
CVE-2015-10139Shared CWE-269
CVE-2026-8972Shared CWE-269
CVE-2025-0893Shared CWE-269
CVE-2026-6769Shared CWE-269
CVE-2025-2858Shared CWE-269
CVE-2025-48613Shared CWE-269

Affected Assets

doorman
doorman
0.1.0, 1.0.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations on the /platform/user/{username} endpoint to block unauthorized self-updates to privileged roles.

prevent

Applies least privilege to restrict authenticated users from escalating their own roles without manage_users permission.

prevent

Requires management of user accounts and roles to prevent self-modification vulnerabilities in account update processes.

References