HIGH
alextselegidis
CVE published 2026-05-09
CVE-2026-42562
CVE-2026-42562 is a high-severity authorization flaw in Plainpad that lets a low-privilege authenticated user elevate themselves to administrator. The issue was publicly disclosed on 2026-05-09 and is fixed in Plainpad 1.1.1. Because the vulnerable behavior is reachable over the network by an authenticated account and can immediately unlock admin-only routes, organizations should treat this as a priority [truncated]