CVE-2026-42562— Plainpad: Privilege Escalation via Writable Admin Field in Profile Update (Access Control)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42562
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Plainpad: Privilege Escalation via Writable Admin Field in Profile Update (Access Control)
Source: NVD (National Vulnerability Database)
Vulnerability Description
Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/users/{id}. The endpoint directly persists the admin attribute from user input, and the escalated account can immediately access admin-only routes. This issue has been patched in version 1.1.1.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
特权管理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Plainpad 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Plainpad是Alex Tselegidis个人开发者的一款自托管的笔记应用。 Plainpad 1.1.1之前版本存在安全漏洞,该漏洞源于允许低权限用户通过PUT请求中的admin参数自提升为管理员,可能导致权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| alextselegidis | plainpad | < 1.1.1 | - |
II. Public POCs for CVE-2026-42562
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 12939 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-42562
请登录查看更多情报信息。
- Release 1.1.1 · alextselegidis/plainpad · GitHubx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2026-42562
IV. Related Vulnerabilities
Same vendor: alextselegidis
- CVE-2026-23622
CSRF Protection Bypass: Sensitive endpoints accept GET reque - CVE-2025-31828
WordPress Easy!Appointments plugin <= 1.4.2 - Cross Site Req - CVE-2024-0698
Easy!Appointments <= 1.3.1 - Authenticated (Contributor+) St - CVE-2023-3700
Authorization Bypass Through User-Controlled Key in alextsel - CVE-2023-3568
Open Redirect in alextselegidis/easyappointments
Same weakness: CWE-269
- CVE-2025-62625
KVM密钥下载组件权限管理不当漏洞 - CVE-2026-5193
Essential Addons for Elementor – Popular Elementor Templates - CVE-2026-42289
ChurchCRM: Cross-Site Request Forgery (CSRF) Leading to Admi - CVE-2026-44224
Wiki.js: Privilege Escalation via Missing Group Validation i - CVE-2026-44218
ciguard: Container image runs as root (no USER directive)
V. Comments for CVE-2026-42562
No comments yet