THREAT OPS › Threat News › [GHSA] GHSA-vq6j-hj8w-7v39 (medium) — Decidim: Forms admin question editor lacks authorization
[GHSA] GHSA-vq6j-hj8w-7v39 (medium) — Decidim: Forms admin question editor lacks authorization
GHSA-vq6j-hj8w-7v39 Severity: medium CVE: CVE-2026-45086
Decidim: Forms admin question editor lacks authorization
## Description
A participant can load the demographics questionnaire admin editor and make changes.
## Technical description
The demographics questionnaire editor should require admin access, but the route under `/admin/demographics/questions` renders the editor interface without
Indicators of compromise
- CVE-2026-45086cve
- https://decidim.orgurl
- https://www.radicallyopensecurity.com/url
- https://ngi.eu/url
Original source: https://github.com/advisories/GHSA-vq6j-hj8w-7v39