THREAT OPS › Threat News › [GHSA] GHSA-q79h-67vx-m9xg (medium) — Decidim: CSV census record endpoints improper authorization
[GHSA] GHSA-q79h-67vx-m9xg (medium) — Decidim: CSV census record endpoints improper authorization
GHSA-q79h-67vx-m9xg Severity: medium CVE: CVE-2026-45415
Decidim: CSV census record endpoints improper authorization
## Description
A participant manager can access and modify the CSV census record admin forms.
## Technical description
The CSV census admin record-management surface under `/admin/csv_census/census_logs` does not enforce admin-only authorization before rendering or mutating `De
Indicators of compromise
- CVE-2026-45415cve
- https://decidim.orgurl
- https://www.radicallyopensecurity.com/url
- https://ngi.eu/url
Original source: https://github.com/advisories/GHSA-q79h-67vx-m9xg