Threat Advisory

EasyAdmin Vulnerability Leads to Session Theft via Uploaded Files

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

CVE-2026-54087 with a CVSS score of 7.6 is a vulnerability in easycorp/easyadmin-bundle that allows an attacker to upload and serve browser-executable file types, such as HTML or SVG files, via FileField and ImageField, enabling stored Cross-Site Scripting (XSS) when another user opens the uploaded file from the backend, which can lead to session/CSRF-token theft or privilege escalation. This is a high-severity vulnerability affecting easycorp/easyadmin-bundle versions >= 5.0.0, < 5.0.13 that affects versions prior to 5.0.13 of easycorp/easyadmin-bundle and requires a developer to store uploads in the public directory and a privilege gap between the uploading user and the viewing administrator, impacting business operations by potentially allowing unauthorized access to sensitive information.

RECOMMENDATION:

We recommend you to update easycorp/easyadmin-bundle to version 5.2.0 or later.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

CVE-2026-54087 with a CVSS score of 7.6 is a vulnerability in easycorp/easyadmin-bundle that allows an attacker to upload and serve browser-executable file types, such as HTML or SVG files, via FileField and ImageField, enabling stored Cross-Site Scripting (XSS) when another user opens the uploaded file from the backend, which can lead to session/CSRF-token theft or privilege escalation. This is a high-severity vulnerability affecting easycorp/easyadmin-bundle versions >= 5.0.0, < 5.0.13 that affects versions prior to 5.0.13 of easycorp/easyadmin-bundle and requires a developer to store uploads in the public directory and a privilege gap between the uploading user and the viewing administrator, impacting business operations by potentially allowing unauthorized access to sensitive information.

RECOMMENDATION:

We recommend you to update easycorp/easyadmin-bundle to version 5.2.0 or later.[emaillocker id="1283"]

REFERENCES:

The following reports contain further technical details:

[/emaillocker]
crossmenu