Winter CMS
cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*
- < 1.0.477
- < 1.1.12
- < 1.2.12
A privilege escalation vulnerability has been identified in Winter CMS versions prior to 1.0.477, 1.1.12, and 1.2.12. This vulnerability allows authenticated backend users to increase their access level by manipulating the roles and permissions assigned to their accounts. The issue arises from the ability to send specially crafted requests to the backend while logged in. To exploit this vulnerability, an attacker must have access to the backend with a user account that has any level of access.
Exploitation of this vulnerability allows for unauthorized modification of user roles and permissions, leading to elevated access rights within the Winter CMS backend.
Users are advised to update Winter CMS to version 1.0.477, 1.1.12, or 1.2.12. If an immediate upgrade is not possible, the changes from these releases can be applied manually to resolve the issue.
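An added example, not code from the advisory or from the Winter CMS project: a Python check that classifies an installed version against the three fixed releases listed above. Reading the version from `composer.lock` under the package name `winter/wn-backend-module` is an assumption; the advisory names only Winter CMS.

```python
import json
import re

# Fixed release per branch, taken from the advisory text above.
FIXED = {(1, 0): 477, (1, 1): 12, (1, 2): 12}

def classify(version):
    """Return 'affected', 'fixed' or 'unknown' for a Winter CMS version string."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return "unknown"  # dev branches, aliases, suffixes: review by hand
    major, minor, patch = map(int, m.groups())
    fixed_patch = FIXED.get((major, minor))
    if fixed_patch is None:
        return "unknown"  # branch not named in the advisory
    # Compare as integers: as strings, "99" would sort after "477".
    return "affected" if patch < fixed_patch else "fixed"

def audit_lock(lock_text, package="winter/wn-backend-module"):
    """Classify the version of `package` pinned in a composer.lock document.

    The default package name is an assumption, not stated in the advisory.
    """
    lock = json.loads(lock_text)
    for entry in lock.get("packages", []) + lock.get("packages-dev", []):
        if entry.get("name") == package:
            version = entry.get("version", "")
            return version, classify(version)
    return None, "unknown"  # package not present in this lock file

# Constructed sample lock file, not taken from a real installation.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "winter/storm", "version": "v1.2.3"},
        {"name": "winter/wn-backend-module", "version": "v1.2.3"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for v in ["1.0.99", "1.0.476", "v1.0.477", "1.1.11", "1.2.12", "1.3.0", "dev-develop"]:
        print(f"{v:12} {classify(v)}")
    print(audit_lock(SAMPLE_LOCK))
```

An `unknown` result means the version string or branch is outside what the advisory lists and needs manual review, not that the installation is safe.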