Cyber Resilience

CVE-2026-34381

Severity: High · Public PoC referenced

Published: 31 March 2026
Modified: 01 April 2026
KEV Added: not listed
Patch: available (fixed in 5.0.8)
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0005 (17.2nd percentile)
Risk Priority: 15 (weighting 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-34381 is a high-severity Improper Access Control (CWE-284) vulnerability in Admidio (vendor Admidio). Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The EPSS ranking places it at the 17.2nd percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-22 (Publicly Accessible Content) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-34381 is an improper access control vulnerability (CWE-284) in Admidio, an open-source user management solution. It affects versions 5.0.0 through 5.0.7 when deployed using the official Docker image. Admidio relies on an .htaccess file in the adm_my_files directory to deny direct HTTP access to uploaded documents in the documents module. However, the Docker image's Apache configuration sets AllowOverride None, causing Apache to ignore all .htaccess files silently: no error is logged and the application has no way to tell that its deny rule is inert. As a result, uploaded files are exposed regardless of UI-configured role-based permissions. The advisory scopes this to the official Docker image, but the same silent bypass applies to any Apache host where the effective AllowOverride for that directory is None (the Apache 2.4 default), so operators of non-Docker installs should verify their own configuration rather than assume they are unaffected.

An unauthenticated attacker (PR:N) can exploit this over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). By knowing the file path—disclosed in the JSON response from the upload endpoint—the attacker can directly access any uploaded document via HTTP, bypassing authentication and permissions. This yields high confidentiality impact (C:H) with no integrity or availability disruption (I:N/A:N), earning a CVSS v3.1 base score of 7.5 (S:U).

Admidio patched the issue in version 5.0.8. The GitHub security advisory GHSA-7fh7-8xqm-3g88 and patching commit (5f770c1ca81a4f6b02136280cd63316a35aabaaf) provide further details on the fix. Organizations using affected Docker deployments should upgrade immediately to mitigate exposure of sensitive uploaded files.
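The mechanism above is worth making concrete: whether adm_my_files/.htaccess does anything at all depends on the effective AllowOverride for that directory, and the robust fix for an operator is to put the deny in the server configuration, where it cannot be switched off by an AllowOverride setting. The following is an added example, not code from the Admidio project, its Docker image, or this page. It shows a constructed vhost snippet with the weak setting beside a hardened one, and a small audit that classifies how an upload directory is protected. The docroot /var/www/html and the exact directive layout are assumptions; the classification logic follows Apache's documented merge order for <Directory> sections and its 2.4 default of AllowOverride None.

```python
# Added example (not code from the Admidio project or this page): audits an
# Apache configuration for the failure mode behind CVE-2026-34381. Admidio's
# adm_my_files/.htaccess only denies direct access if Apache honours .htaccess
# files for that directory; with an effective "AllowOverride None" the file is
# silently ignored. Both configs below are constructed; the docroot path
# /var/www/html is an assumption, not taken from the official Docker image.
import re

# Constructed: vhost snippet with the weak setting (AllowOverride None and no
# deny for the upload directory, so everything rides on the ignored .htaccess).
WEAK_CONF = """
DocumentRoot /var/www/html
<Directory /var/www/html>
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>
"""

# Constructed: same snippet with the deny moved into the server config, where
# it does not depend on .htaccess processing at all.
HARDENED_CONF = """
DocumentRoot /var/www/html
<Directory /var/www/html>
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>
<Directory /var/www/html/adm_my_files>
    Require all denied
</Directory>
"""

_DIRECTORY_RE = re.compile(
    r'<Directory\s+"?([^">\s]+)"?\s*>(.*?)</Directory>', re.S | re.I)


def parse_directory_blocks(conf):
    """Map each <Directory path> block to its non-comment directive lines."""
    blocks = {}
    for match in _DIRECTORY_RE.finditer(conf):
        path = match.group(1).rstrip("/") or "/"
        lines = [ln.strip() for ln in match.group(2).splitlines()]
        blocks[path] = [ln for ln in lines if ln and not ln.startswith("#")]
    return blocks


def _directive(lines, name):
    """Return the argument string of the last occurrence of a directive, or None."""
    value = None
    for ln in lines:
        parts = ln.split()
        if parts and parts[0].lower() == name.lower():
            value = " ".join(parts[1:])
    return value


def _ancestors(path):
    """Yield path, then each parent directory, ending with '/'."""
    path = path.rstrip("/")
    while path:
        yield path
        path = path.rsplit("/", 1)[0]
    yield "/"


def htaccess_honoured(blocks, directory):
    """True if .htaccess files are processed for `directory`.

    Apache merges <Directory> sections from the shortest path down, so the
    nearest block that sets AllowOverride wins. If none does, Apache 2.4
    defaults to AllowOverride None, i.e. .htaccess is ignored.
    """
    for ancestor in _ancestors(directory):
        lines = blocks.get(ancestor)
        if lines is None:
            continue
        value = _directive(lines, "AllowOverride")
        if value is not None:
            return value.lower() != "none"
    return False


def denied_in_server_config(blocks, directory):
    """True if the server config itself denies all access to `directory`."""
    lines = blocks.get(directory.rstrip("/"))
    if lines is None:
        return False
    return (_directive(lines, "Require") or "").lower() == "all denied"


def audit_upload_dir(conf, upload_dir="/var/www/html/adm_my_files"):
    """Classify protection of the upload directory: 'protected' (deny lives in
    the server config), 'htaccess-only' (works only while the .htaccess file is
    present, honoured and correct) or 'exposed' (direct HTTP access)."""
    blocks = parse_directory_blocks(conf)
    if denied_in_server_config(blocks, upload_dir):
        return "protected"
    if htaccess_honoured(blocks, upload_dir):
        return "htaccess-only"
    return "exposed"


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {audit_upload_dir(conf)}")
```

Feed audit_upload_dir the contents of the vhost or main config taken from the running container. The parser is deliberately small: it does not follow Include directives or evaluate <DirectoryMatch>/<Location> sections, so treat "protected" as a hint and confirm with an unauthenticated request for a known upload path against the live instance (a 403 or 404 is what you want; a 200 reproduces the bug).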

Vulnerability details

Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on adm_my_files/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently ignore all .htaccess files. As a result, any file uploaded to the documents module, regardless of the role-based permissions configured in the UI, is directly accessible over HTTP without authentication by anyone who knows the file path. The file path is disclosed in the upload response JSON. This issue has been patched in version 5.0.8.

CWE(s)

CWE-284 Improper Access Control

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Improper access control in public-facing Admidio web app (Docker/Apache) allows unauthenticated remote file access to uploaded documents, directly enabling T1190 Exploit Public-Facing Application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-32813 (same product: Admidio)
CVE-2026-32817 (same product: Admidio)
CVE-2026-32756 (same product: Admidio)
CVE-2026-34384 (same product: Admidio)
CVE-2026-39339 (shared CWE-284)
CVE-2026-46839 (shared CWE-284)
CVE-2025-26010 (shared CWE-284)
CVE-2026-34291 (shared CWE-284)
CVE-2023-47539 (shared CWE-284)
CVE-2026-23899 (shared CWE-284)

Affected Assets

Vendor: Admidio
Product: Admidio
Versions: 5.0.0 to 5.0.7 (fixed in 5.0.8)

Mitigating Controls (NIST 800-53 r5)

Prevent (configuration settings): establish and enforce secure configuration settings for Apache in the Docker image so that direct HTTP access to uploaded documents is actually denied, either by enabling .htaccess processing for adm_my_files or, more robustly, by placing the deny rule in the server configuration where AllowOverride cannot disable it.

Prevent, AC-3 (Access Enforcement): enforce approved access control policies at both the application and web server level so that protected uploaded files cannot be fetched without authentication, regardless of the permissions configured in the UI.

Prevent and detect, AC-22 (Publicly Accessible Content): manage and monitor what the web server exposes publicly, and verify with an unauthenticated request that known upload paths are not served, so that sensitive documents reachable only by knowing their path are not silently disclosed.
