CVE-2026-46656
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk11th percentile - higher than 11% of all known CVEs
Summary
Bludit is a content management system that has a Broken Access Control flaw in versions prior to 3.22.0. Active sessions remain valid even after the corresponding user account has been physically deleted from the database, allowing unauthorized access to the system.
Risk Assessment
The organization is at risk of users whose accounts have been deleted still gaining full access to the system, potentially leading to data breaches or other abuses.
Recommendation
It is recommended to upgrade to version 3.22.0 or later to eliminate this vulnerability and secure the system against unauthorized access.
Original NVD description (English source)
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized access to the system. Version 3.22.0 fixes the issue.

