SysReptor Privilege Escalation Vulnerability Allowing Unauthorized Access to Superuser Functions
Vulnerability
A privilege escalation vulnerability has been identified in SysReptor versions prior to 2026.29. Users with 'User Admin' permissions can change the email addresses of 'Superuser' accounts. If the 'Forgot Password' feature is enabled, they can then trigger a password reset for a Superuser account, receive the reset link at the address they control, and log in as that Superuser, provided the Superuser does not have multi-factor authentication enabled. This grants access to the Django admin backend and the ability to modify SysReptor settings. Separately, user managers can access all pentest projects by granting themselves 'Project Admin' permissions; this is intended behaviour, not part of the vulnerability.
Impact
Exploitation of this vulnerability allows 'User Admin' users to escalate their privileges to 'Superuser' level, bypassing authentication measures and accessing sensitive administrative functions and all pentest projects.
Remediation
To address this vulnerability, upgrade to SysReptor version 2026.29. Where an immediate upgrade is not possible, disable the 'Forgot Password' functionality, ensure all Superusers have multi-factor authentication configured, or disable local authentication for SSO users in the user management settings; any of these breaks the reset-based takeover chain.
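The following is an added illustration, not SysReptor's own code, written in plain Python so it runs without Django. It models the authorization gap described above (a role check on the actor that ignores the privilege level of the target account) next to a hardened check that refuses to let a non-superuser modify a superuser, and adds an audit helper that lists which superusers would remain exposed under the page's stated preconditions (reset feature on, no MFA, local login enabled). All names (`User`, `change_email_vulnerable`, `change_email_hardened`, `superusers_exposed`) and the sample accounts are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, List


@dataclass
class User:
    """Minimal stand-in for an application user record (constructed for this example)."""
    username: str
    email: str
    is_superuser: bool = False
    is_user_manager: bool = False   # the 'User Admin' role from the advisory
    mfa_enabled: bool = False
    local_auth_enabled: bool = True  # False for SSO-only accounts


def change_email_vulnerable(actor: User, target: User, new_email: str) -> User:
    """Pre-fix shape of the check: only asks whether the actor holds an admin role.

    Nothing looks at the target, so a user manager can rewrite a superuser's
    email and then drive the 'Forgot Password' flow against that account.
    """
    if not (actor.is_superuser or actor.is_user_manager):
        raise PermissionError("actor lacks user management rights")
    target.email = new_email
    return target


def change_email_hardened(actor: User, target: User, new_email: str) -> User:
    """Hardened check: privilege of the target account is part of the decision.

    A non-superuser may never modify a superuser account; editing one's own
    record is still allowed so the check does not break ordinary self-service.
    """
    if actor.username == target.username:
        target.email = new_email
        return target
    if not (actor.is_superuser or actor.is_user_manager):
        raise PermissionError("actor lacks user management rights")
    if target.is_superuser and not actor.is_superuser:
        raise PermissionError("only a superuser may modify a superuser account")
    target.email = new_email
    return target


def is_change_permitted(check: Callable[[User, User, str], User],
                        actor: User, target: User, new_email: str) -> bool:
    """Return True if `check` lets `actor` change `target`'s email, False if it refuses."""
    try:
        check(actor, target, new_email)
        return True
    except PermissionError:
        return False


def superusers_exposed(users: List[User], forgot_password_enabled: bool) -> List[str]:
    """Audit helper: superusers that a rogue user manager could take over.

    Mirrors the advisory's preconditions: the reset feature must be enabled,
    the account must lack MFA, and it must accept local (password) login.
    """
    if not forgot_password_enabled:
        return []
    return sorted(u.username for u in users
                  if u.is_superuser and not u.mfa_enabled and u.local_auth_enabled)


if __name__ == "__main__":
    # Constructed sample accounts.
    root = User("root", "root@example.test", is_superuser=True)
    sso_root = User("sso-root", "sso@example.test", is_superuser=True, local_auth_enabled=False)
    mfa_root = User("mfa-root", "mfa@example.test", is_superuser=True, mfa_enabled=True)
    manager = User("usermgr", "mgr@example.test", is_user_manager=True)

    print("vulnerable check permits:", is_change_permitted(change_email_vulnerable, manager, root, "x@example.test"))
    print("hardened check permits:  ", is_change_permitted(change_email_hardened, manager, root, "x@example.test"))
    print("exposed superusers:", superusers_exposed([root, sso_root, mfa_root, manager], True))
```

Running the script shows the user manager succeeding against the pre-fix check and being refused by the hardened one; the audit list contains only `root`, because the SSO-only and MFA-protected superusers fail the advisory's preconditions even before the application fix is applied.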
