CVE-2026-57518
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk38th percentile — higher than 38% of all known CVEs
Summary
Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to assign arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction(). Attackers can assign themselves a custom role with the 'system: manage packages' permission and then upload and install a malicious PHP package through the admin package installer to achieve remote code execution.
Risk Assessment
The risk for the organization includes the possibility of full system takeover by an authenticated user, potentially leading to data theft, content modification, or further attacks on the infrastructure.
Recommendation
It is recommended to immediately update Pagekit CMS to the latest version that fixes this vulnerability, and restrict the 'user: manage users' permission to trusted administrators only.
Original NVD description (English source)
Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to themselves due to missing authorization checks in UserApiController::saveAction(). Attackers can assign themselves a custom role with the 'system: manage packages' permission and then upload and install a malicious PHP package through the admin package installer to achieve remote code execution.

