Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 13 Jul 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 13 Jul 2026 18:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Shiori contains a privilege escalation vulnerability in the account update endpoint that allows authenticated users to modify the owner field without authorization checks. Attackers can escalate to administrator by submitting a crafted PATCH request with owner: true, then re-authenticate to obtain an admin JWT token granting full system access. | |
| Title | Shiori Authenticated Privilege Escalation via PATCH /api/v1/auth/account | |
| First Time appeared |
Go-shiori
Go-shiori shiori |
|
| Weaknesses | CWE-269 | |
| CPEs | cpe:2.3:a:go-shiori:shiori:*:*:*:*:*:go:*:* | |
| Vendors & Products |
Go-shiori
Go-shiori shiori |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-13T18:27:34.112Z
Reserved: 2026-07-09T14:07:55.624Z
Link: CVE-2026-61463
Updated: 2026-07-13T18:27:28.408Z
No data.
No data.
OpenCVE Enrichment
No data.