CVE-2026-30269
Doorman · Doorman
An improper access control vulnerability in Doorman allows authenticated users to escalate their account role to high-privileged levels via the account update endpoint.
Executive summary
A critical privilege escalation vulnerability in Doorman allows authenticated users to perform unauthorized role changes, potentially leading to full system compromise.
Vulnerability
This vulnerability involves a missing authorization check within the /platform/user/{username} endpoint. An authenticated user can manipulate the role parameter during a profile update to grant themselves administrative or other high-privileged roles.
Business impact
The ability for a standard user to escalate privileges poses a severe threat to data integrity, confidentiality, and operational control. With a CVSS score of 9.9, this vulnerability represents an imminent risk of unauthorized administrative access, which could lead to complete system takeover, unauthorized data exfiltration, and significant reputational damage.
Remediation
Immediate Action: Restrict user access to the profile update functionality until an official patch is applied or verify if the vendor has provided a specific update for these versions.
Proactive Monitoring: Review application access logs for anomalous POST or PUT requests to the /platform/user/ endpoint, specifically looking for role changes associated with non-administrative accounts.
Compensating Controls: Implement a Web Application Firewall (WAF) rule to inspect and block requests to the profile update endpoint that contain unauthorized role assignments.
Exploitation status
Public Exploit Available: False
Analyst recommendation
Given the critical CVSS severity, administrators should prioritize identifying all instances of Doorman within their environment. Immediately restrict user profile modification capabilities and prepare to apply the vendor-supplied patch as soon as it is released to prevent potential privilege escalation.