CVE-2026-31070

Published: May 19, 2026

Modified: May 20, 2026

PUBLISHED

Description

The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/signup endpoint fails to validate the role parameter in the request body

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/LalanaChami/Pharmacy-Mangment-System/blob/5c3d02888631166649856f71d542387114b3010b/backend/routes/user.js#L16

https://gist.github.com/nedlir/22bf6d1a3a07209be3e343744bc81d51

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-31070

Description

Affected Products

References