CVE-2026-13544
published 2026-06-29CVE-2026-13544: A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This…
PriorityP343medium6.3CVSS 3.1
AVNACLPRLUINSUCLILAL
EPSS
0.21%
11.8th percentile
A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| feehi | cms | — | — |
| feehi | cms | — | — |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
nvdv4.02.1LOWCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvdv2.06.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
A flaw has been found in Feehi CMS up to 2.1.1.
ghsa_unreviewed·2026-06-29
CVE-2026-13544 [LOW] CWE-266 A flaw has been found in Feehi CMS up to 2.1.1.
A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
VulDB
Feehi CMS up to 2.1.1 API /api/users access control (Issue 88)
vuldb·2026-06-28
CVE-2026-13544 [CRITICAL] Feehi CMS up to 2.1.1 API /api/users access control (Issue 88)
A vulnerability identified as critical has been detected in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls.
This vulnerability is handled as CVE-2026-13544. The attack can be initiated remotely. Additionally, an exploit exists.
The project was informed of the problem early through an issue report but has not responded yet.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-29
Published