{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T10:45:11.155","vulnerabilities":[{"cve":{"id":"CVE-2026-32101","sourceIdentifier":"security-advisories@github.com","published":"2026-03-11T21:16:16.010","lastModified":"2026-03-17T15:24:39.413","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.3.1, the S3 storage manager's isAuthorized() function is declared async (returns Promise<boolean>) but is called without await in both the POST and PUT handlers. Since a Promise object is always truthy in JavaScript, !isAuthorized(type) always evaluates to false, completely bypassing the authorization check. Any authenticated user with the lowest visitor role can upload, delete, rename, and list all files in the S3 bucket. This vulnerability is fixed in 0.3.1."},{"lang":"es","value":"StudioCMS es un sistema de gestión de contenido sin cabeza, nativo de Astro, renderizado en el lado del servidor. Antes de la versión 0.3.1, la función isAuthorized() del gestor de almacenamiento de S3 está declarada como asíncrona (devuelve Promise) pero es llamada sin await tanto en los manejadores POST como PUT. Dado que un objeto Promise siempre es verdadero en JavaScript, !isAuthorized(type) siempre se evalúa como falso, omitiendo completamente la verificación de autorización. Cualquier usuario autenticado con el rol de visitante más bajo puede cargar, eliminar, renombrar y listar todos los archivos en el bucket de S3. Esta vulnerabilidad está corregida en la versión 0.3.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:studiocms:studiocms:*:*:*:*:*:*:*:*","versionEndExcluding":"0.3.1","matchCriteriaId":"71B8597F-CE95-4810-B95F-E67627E84144"}]}]}],"references":[{"url":"https://github.com/withstudiocms/studiocms/security/advisories/GHSA-mm78-fgq8-6pgr","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}