CVE-2026-7468 PUBLISHED

1024-lab smart-admin Demo Site index.html access control

Assigner: VulDB
Reserved: 29.04.2026 Published: 30.04.2026 Updated: 30.04.2026

A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
CVSS Score: 6.9

Product Status

Vendor 1024-lab
Product smart-admin
Versions
  • Version 3.0 is affected
  • Version 3.1 is affected
  • Version 3.2 is affected
  • Version 3.3 is affected
  • Version 3.4 is affected
  • Version 3.5 is affected
  • Version 3.6 is affected
  • Version 3.7 is affected
  • Version 3.8 is affected
  • Version 3.9 is affected
  • Version 3.10 is affected
  • Version 3.11 is affected
  • Version 3.12 is affected
  • Version 3.13 is affected
  • Version 3.14 is affected
  • Version 3.15 is affected
  • Version 3.16 is affected
  • Version 3.17 is affected
  • Version 3.18 is affected
  • Version 3.19 is affected
  • Version 3.20 is affected
  • Version 3.21 is affected
  • Version 3.22 is affected
  • Version 3.23 is affected
  • Version 3.24 is affected
  • Version 3.25 is affected
  • Version 3.26 is affected
  • Version 3.27 is affected
  • Version 3.28 is affected
  • Version 3.29 is affected
  • Version 3.30.0 is affected

Credits

  • renyu (VulDB User) reporter
  • VulDB CNA Team coordinator

References

Problem Types

  • Improper Access Controls CWE
  • Incorrect Privilege Assignment CWE