Statping-ng Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in Statping-ng version 0.91.0. This issue allows a remote attacker with a low-privileged API token to create new administrative users by manipulating the 'admin' parameter in a POST request to the '/api/users' endpoint. The vulnerability arises from inadequate permission validation, enabling the unauthorized elevation of privileges to administrative levels.

Impact

Exploitation of this vulnerability grants full administrative access to the attacker on the affected Statping-ng instance.

Reproduction

To reproduce this vulnerability, send a POST request to the '/api/users' endpoint using a low-privileged API token. Include the 'admin' parameter in the request, setting it to 'true'. This will create a new user with administrative privileges.

Remediation

Users are advised to update to the latest version of Statping-ng, where this vulnerability has been addressed.
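The missing server-side check can be pictured with the Go sketch below. It is an added example, not Statping-ng's own code or its actual fix. The Caller and NewUser types, the AuthorizeCreateUser function, and every field other than 'admin' are hypothetical, and it assumes non-admin tokens are allowed to create ordinary users (a stricter policy would reject them outright).

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Caller is the identity resolved from the API token (hypothetical type).
type Caller struct {
	Admin bool
}

// NewUser models the POST /api/users body. Only the "admin" field is named
// in the advisory; the other fields are assumptions.
type NewUser struct {
	Username string `json:"username"`
	Password string `json:"password"`
	Admin    bool   `json:"admin"`
}

var ErrForbidden = errors.New("forbidden: caller cannot grant admin")

// AuthorizeCreateUser decodes the body, then decides on the typed value, so
// key-case variants ("Admin", "ADMIN") and duplicate keys hit one check.
func AuthorizeCreateUser(c Caller, body []byte) (NewUser, error) {
	var u NewUser
	if err := json.Unmarshal(body, &u); err != nil {
		return NewUser{}, fmt.Errorf("bad request: %w", err)
	}
	// Core rule: a caller may never grant a privilege it does not hold.
	if u.Admin && !c.Admin {
		return NewUser{}, ErrForbidden
	}
	return u, nil
}

func main() {
	low := Caller{Admin: false} // constructed sample caller
	bodies := []string{ // constructed sample request bodies
		`{"username":"alice","password":"x","admin":false}`,
		`{"username":"mallory","password":"x","Admin":true}`,
	}
	for _, b := range bodies {
		u, err := AuthorizeCreateUser(low, []byte(b))
		fmt.Printf("user=%q admin=%v err=%v\n", u.Username, u.Admin, err)
	}
}
```

The decision is made on the decoded struct rather than on the raw request text because Go's encoding/json matches keys case-insensitively and keeps the last of any duplicate keys.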

Added: Feb 11, 2026, 8:20 PM
Updated: Feb 11, 2026, 8:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.7
remediation: 0.0
relevance: 2.7
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.