Description
The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body
Published: 2026-05-19
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 20 May 2026 18:45:00 +0000

Type Values Removed Values Added
Title Privilege Escalation via Unauthenticated Role Assignment in Pharmacy Management System

Wed, 20 May 2026 17:15:00 +0000

Type Values Removed Values Added
Title Unauthenticated Administrator Role Assignment in LalanaChami Pharmacy Management System
Weaknesses CWE-284
CWE-285

Wed, 20 May 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 20 May 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Lalanachami
Lalanachami pharmacy Management System
Vendors & Products Lalanachami
Lalanachami pharmacy Management System

Tue, 19 May 2026 16:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated Administrator Role Assignment in LalanaChami Pharmacy Management System
Weaknesses CWE-284
CWE-285

Tue, 19 May 2026 15:45:00 +0000

Type Values Removed Values Added
Description The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body
References

Subscriptions

Lalanachami Pharmacy Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-20T13:55:31.179Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31070

cve-icon Vulnrichment

Updated: 2026-05-20T13:55:26.269Z

cve-icon NVD

Status : Deferred

Published: 2026-05-19T16:16:20.363

Modified: 2026-06-17T10:33:21.343

Link: CVE-2026-31070

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-20T18:30:36Z

Weaknesses