THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-vq6j-hj8w-7v39 (medium) — Decidim: Forms admin question editor lacks authorization

[GHSA] GHSA-vq6j-hj8w-7v39 (medium) — Decidim: Forms admin question editor lacks authorization

highgithub_advisoriesPublished 2026-07-13

GHSA-vq6j-hj8w-7v39 Severity: medium CVE: CVE-2026-45086

Decidim: Forms admin question editor lacks authorization

## Description

A participant can load the demographics questionnaire admin editor and make changes.

## Technical description

The demographics questionnaire editor should require admin access, but the route under `/admin/demographics/questions` renders the editor interface without

Indicators of compromise

Original source: https://github.com/advisories/GHSA-vq6j-hj8w-7v39