Szadmin Vulnerabilities
Comprehensive security vulnerability database for Szadmin products
3
0
3
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-3187 | 5.3 | This vulnerability allows an attacker to upload any type of file to a specific API endpoint, which could lead to malicious files being executed on the server. The attack can be carried out remotely, and it affects versions up to 1.3.2-beta, so it's important to upgrade to the latest version to fix the issue. | szadminsz-boot-parent | Exploit Available | about 1 month agoFeb 25, 2026 |
| CVE-2026-3186 | 5.3 | An attacker can remotely reset user passwords to a default value by manipulating a specific function in the application, potentially gaining unauthorized access to user accounts. This vulnerability affects versions up to 1.3.2-beta, and it has been publicly disclosed, so it's crucial to upgrade to version 1.3.3-beta to fix the issue. | szadminsz-boot-parent | Exploit Available | about 1 month agoFeb 25, 2026 |
| CVE-2026-3185 | 5.5 | An attacker can bypass authorization and access or manipulate messages that do not belong to them through a specific API endpoint. This vulnerability affects versions up to 1.3.2-beta and can be exploited remotely, so it's crucial to upgrade to version 1.3.3-beta to fix the issue. | szadminsz-boot-parent | Exploit Available | about 1 month agoFeb 25, 2026 |
About Szadmin Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Szadmin products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.