PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-54415 Azuriom CVE debrief

The CVE-2026-54415 vulnerability affects Azuriom CMS versions prior to 1.2.11. An authenticated attacker with 'admin.access' permission can exploit this issue by creating AzLink server tokens and taking over non-admin user accounts. This is achieved through crafted HTTP requests to specific endpoints, including '/admin/servers/create' and various AzLink API endpoints. The vulnerability has a CVSS score of 8.6, indicating a high severity level. Users of Azuriom CMS should update to version 1.2.11 or later to mitigate this risk.

Vendor: Azuriom
Product: Azuriom CMS
CVSS: HIGH 8.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Administrators and users of Azuriom CMS, especially those with 'admin.access' permissions, should be aware of this vulnerability and take immediate action to update their installations. Additionally, users who have accounts on Azuriom CMS instances should be cautious of potential account takeover attempts.

Technical summary

The vulnerability is caused by missing authorization in the server management routes (routes/admin.php) of Azuriom CMS before version 1.2.11. An authenticated attacker with 'admin.access' permission can exploit this by sending crafted HTTP requests to '/admin/servers/create' and AzLink API endpoints, such as '/api/azlink/password', '/api/azlink/email', and '/api/azlink/user/{id}'. This allows the attacker to create AzLink server tokens and modify non-admin user accounts by changing their passwords and email addresses.

Defensive priority

High

Recommended defensive actions

  • Update Azuriom CMS to version 1.2.11 or later immediately.
  • Restrict access to server management routes and AzLink API endpoints.
  • Monitor for suspicious activity, especially account changes and new AzLink server tokens.
  • Implement additional authentication and authorization checks for admin actions.
  • Regularly review and update user permissions and access levels.
  • Consider implementing a Web Application Firewall (WAF) to detect and prevent similar attacks.
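The monitoring item above can be turned into a concrete log check. The following is an added example written for this debrief, not code from Azuriom or PatchSiren: it parses web-server access logs in combined log format, lists every successful POST to '/admin/servers/create' (each one is a new AzLink server token that should be reviewed), and flags calls to the AzLink user-modification routes named in the technical summary when they come from the same client IP within a short window after a token was created. The sample log lines, IP addresses, timestamps, user agents and the 30-minute window are constructed assumptions; the route paths are the ones the advisory names, and the `{id}` segment is assumed to be a single path component.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines in combined log format (not real traffic).
# Route paths come from the advisory; IPs, timestamps and user agents are invented.
SAMPLE_LOG = """\
203.0.113.5 - - [17/Jun/2026:10:01:02 +0000] "GET /admin/servers HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Jun/2026:10:01:40 +0000] "POST /admin/servers/create HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [17/Jun/2026:10:03:15 +0000] "POST /api/azlink/password HTTP/1.1" 200 45 "-" "python-requests/2.31"
203.0.113.5 - - [17/Jun/2026:10:03:20 +0000] "POST /api/azlink/email HTTP/1.1" 200 45 "-" "python-requests/2.31"
198.51.100.7 - - [17/Jun/2026:10:05:00 +0000] "GET /api/azlink/user/42 HTTP/1.1" 200 300 "-" "AzLink/1.0"
192.0.2.9 - - [17/Jun/2026:11:00:00 +0000] "POST /admin/servers/create HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [17/Jun/2026:13:00:00 +0000] "POST /api/azlink/password HTTP/1.1" 200 45 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Routes named in the advisory. The {id} segment is assumed to be one path component.
TOKEN_CREATE = "/admin/servers/create"
AZLINK_USER_ROUTES = re.compile(r"^/api/azlink/(password|email|user/[^/]+)$")


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],  # drop any query string
        "status": int(m["status"]),
    }


def parse_log(log_text):
    """Parse all lines, silently skipping ones that do not match the format."""
    return [e for e in (parse_line(l) for l in log_text.splitlines()) if e]


def token_creations(entries):
    """Every successful POST to the server-creation route: each is a new AzLink server token to review."""
    return [
        e for e in entries
        if e["method"] == "POST" and e["path"] == TOKEN_CREATE and e["status"] < 400
    ]


def find_suspicious_sequences(entries, window=timedelta(minutes=30)):
    """Flag AzLink user-modification calls that follow a server-token creation
    from the same client IP within `window` (a heuristic chosen for this example)."""
    created_at = defaultdict(list)
    for e in token_creations(entries):
        created_at[e["ip"]].append(e["ts"])

    alerts = []
    for e in entries:
        if e["status"] >= 400 or not AZLINK_USER_ROUTES.match(e["path"]):
            continue
        for t in created_at.get(e["ip"], []):
            if timedelta(0) <= e["ts"] - t <= window:
                alerts.append({"ip": e["ip"], "token_created_at": t,
                               "path": e["path"], "ts": e["ts"]})
                break  # one alert per request is enough
    return alerts


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(f"{len(token_creations(entries))} new server token(s) to review")
    for a in find_suspicious_sequences(entries):
        print(f"ALERT {a['ip']} created a server token at {a['token_created_at']:%H:%M:%S} "
              f"then hit {a['path']} at {a['ts']:%H:%M:%S}")
```

On the constructed input this reports two token creations and two alerts, both for the client that created a token and then called the password and email routes a couple of minutes later; the lone AzLink lookup from another address and the password call made two hours after a token creation fall outside the heuristic and are not flagged. In a real deployment the token-creation list is worth reviewing on its own, since a server token created by an account that does not normally manage servers is the first visible step of the issue described above, and requests to the AzLink API from a browser-style user agent rather than the AzLink plugin are a second useful signal.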

Evidence notes

The information provided is based on the CVE-2026-54415 record and related sources from NVD and GitHub. The vulnerability was published on June 17, 2026, and the information provided seems reliable. However, the actual impact and exploitability may vary depending on specific configurations and usage scenarios of Azuriom CMS.

Official resources

Public