Description
CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass authorization validation and gain full application control, circumventing restrictions on SuperAdmin account creation and privilege assignment.
Published: 2026-04-10
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation to SuperAdmin
Action: Immediate Patch
AI Analysis

Impact

CouchCMS contains a flaw that allows an authenticated Admin-level user to spoof the f_k_levels_list parameter during user sign‑up or edit. By changing the value from 4 to 10 in the HTTP request body, the user bypasses the application’s authorization check and is granted SuperAdmin privileges. This gives the attacker full control over the site, including modifying content, configuration, and other user accounts.

Affected Systems

The vulnerability affects the CouchCMS content management system. Specific affected releases were not enumerated in the available data. Users should review the site’s current CouchCMS version against the vendor’s advisories.

Risk and Exploitability

The flaw carries a CVSS score of 8.6, indicating a high severity. No EPSS data or KEV listing is available. The attack requires an authenticated session with Admin level; once the parameter is tampered, the escalation is immediate and no additional privilege is needed. Because the vector relies on a known, authenticated account, the exploitation window is limited to environments where Admin access is available to potential attackers.

Generated by OpenCVE AI on April 10, 2026 at 16:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CouchCMS to the latest version released by the vendor.
  • Verify that all user creation forms validate the f_k_levels_list parameter and that it cannot be manipulated by external input.
  • Audit existing SuperAdmin and Admin accounts for unauthorized creation or privilege changes and enforce strict access controls.

Generated by OpenCVE AI on April 10, 2026 at 16:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:couchcms:couchcms:*:*:*:*:*:*:*:*

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Couchcms
Couchcms couchcms
Vendors & Products Couchcms
Couchcms couchcms

Fri, 10 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Description CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass authorization validation and gain full application control, circumventing restrictions on SuperAdmin account creation and privilege assignment.
Title CouchCMS Privilege Escalation via f_k_levels_list Parameter
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Couchcms Couchcms
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-10T16:20:02.847Z

Reserved: 2026-03-03T16:42:01.012Z

Link: CVE-2026-29002

cve-icon Vulnrichment

Updated: 2026-04-10T16:19:57.206Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T16:16:30.513

Modified: 2026-04-16T19:41:17.740

Link: CVE-2026-29002

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T13:01:22Z

Weaknesses