CVE-2026-30269

Doorman · Doorman

An improper access control vulnerability in Doorman allows authenticated users to escalate their account role to high-privileged levels via the account update endpoint.

Executive summary

A critical privilege escalation vulnerability in Doorman allows authenticated users to perform unauthorized role changes, potentially leading to full system compromise.

Vulnerability

This vulnerability involves a missing authorization check within the /platform/user/{username} endpoint. An authenticated user can manipulate the role parameter during a profile update to grant themselves administrative or other high-privileged roles.

Business impact

The ability for a standard user to escalate privileges poses a severe threat to data integrity, confidentiality, and operational control. With a CVSS score of 9.9, this vulnerability represents an imminent risk of unauthorized administrative access, which could lead to complete system takeover, unauthorized data exfiltration, and significant reputational damage.

Remediation

Immediate Action: Restrict user access to the profile update functionality until an official patch is applied or verify if the vendor has provided a specific update for these versions.

Proactive Monitoring: Review application access logs for anomalous POST or PUT requests to the /platform/user/ endpoint, specifically looking for role changes associated with non-administrative accounts.

Compensating Controls: Implement a Web Application Firewall (WAF) rule to inspect and block requests to the profile update endpoint that contain unauthorized role assignments.

Exploitation status

Public Exploit Available: False

Analyst recommendation

Given the critical CVSS severity, administrators should prioritize identifying all instances of Doorman within their environment. Immediately restrict user profile modification capabilities and prepare to apply the vendor-supplied patch as soon as it is released to prevent potential privilege escalation.