HIGH
Azuriom
CVE published 2026-06-17
CVE-2026-54415
The CVE-2026-54415 vulnerability affects Azuriom CMS versions prior to 1.2.11. An authenticated attacker with 'admin.access' permission can exploit this issue by creating AzLink server tokens and taking over non-admin user accounts. This is achieved through crafted HTTP requests to specific endpoints, including '/admin/servers/create' and various AzLink API endpoints. The vulnerability has a CVSS score of [truncated]