CVE-2026-40484 | ChurchCRM up to 7.1.x Restore Endpoint Images/ recursiveCopyDirectory privileges management (GHSA-2932-77f9-62fx)

A vulnerability identified as critical has been detected in ChurchCRM up to 7.1.x. Impacted is the function recursiveCopyDirectory of the file Images/ of the component Restore Endpoint. Performing a manipulation results in improper privilege management.

This vulnerability was named CVE-2026-40484. The attack may be initiated remotely. There is no available exploit.

You should upgrade the affected component.VulDB Recent EntriesRead More