Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-43934

Gravedad CVSS v3.1:
MEDIA
Tipo:
CWE-284 Control de acceso incorrecto
Fecha de publicación:
26/05/2026
Última modificación:
26/05/2026

Descripción

*** Pendiente de traducción *** e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the application depends only on a predictable identifier in the request to determine which comment to edit, without confirming the requesting user’s ownership of the comment. This vulnerability is fixed in 2.3.4.