{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T17:27:55.021","vulnerabilities":[{"cve":{"id":"CVE-2026-27012","sourceIdentifier":"security-advisories@github.com","published":"2026-03-03T22:16:28.833","lastModified":"2026-03-05T18:19:03.887","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenSTAManager is an open source management software for technical assistance and invoicing. In 2.9.8 and earlier, a privilege escalation and authentication bypass vulnerability in OpenSTAManager allows any attacker to arbitrarily change a user's group (idgruppo) by directly calling modules/utenti/actions.php. This can promote an existing account (e.g. agent) into the Amministratori group as well as demote any user including existing administrators."},{"lang":"es","value":"OpenSTAManager es un software de gestión de código abierto para asistencia técnica y facturación. En la versión 2.9.8 y anteriores, una vulnerabilidad de escalada de privilegios y omisión de autenticación en OpenSTAManager permite a cualquier atacante cambiar arbitrariamente el grupo de un usuario (idgruppo) llamando directamente a modules/utenti/actions.php. \nEsto puede promover una cuenta existente (por ejemplo, agente) al grupo Amministratori, así como degradar a cualquier usuario, incluidos los administradores existentes."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:devcode:openstamanager:*:*:*:*:*:*:*:*","versionEndIncluding":"2.9.8","matchCriteriaId":"42CFDCCE-817A-4017-8C56-ECC90B1CF7A1"}]}]}],"references":[{"url":"https://github.com/devcode-it/openstamanager/security/advisories/GHSA-247v-7cw6-q57v","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}