[midPoint] Security Advisory: Privilege Escalation via Audit Log

Tony Tkacik anton.tkacik at evolveum.com
Tue Jun 2 14:57:46 CEST 2026


Date: 2. 6. 2026 
Severity: 9.0 (Critical) 
Affected versions: All midPoint versions prior to 4.8.12, 4.9.7, 4.10.3 
Fixed in versions: 4.8.12, 4.9.7, 4.10.3 

Description 

An authorized user with audit log access can exploit a bug that discloses session identifiers to escalate privileges to system administrator level. 

Note: Audit log access is a high-privilege role in midPoint, as it grants visibility into all system events and sensitive operations. 

This vulnerability requires: 
- Attacker to have authorization for audit log access (high-privilege role) 
- Administrator to be currently logged in 
- Administrator to have performed an audited action 
- Attacker to capture and reuse the session identifier 
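As an added illustration of the defect class described above (this is example code written for this page, not midPoint's code and not the fix shipped in the versions listed): a defensive filter that flags and redacts session identifiers before audit records reach a reader with audit-log access. The record shape (a plain dictionary with fields such as sessionIdentifier and message) and the assumption that the identifier looks like a Java servlet JSESSIONID value are constructed for the example and are not midPoint's audit schema. The bug in the advisory is fixed by upgrading; this only shows the kind of check one can run over a log sink to confirm that session identifiers are not being persisted where a lower-privileged audit viewer can read them.

```python
import re

# Constructed sample audit records in a simplified dictionary shape.
# The shape and the values are assumptions for this example, not midPoint's schema.
SAMPLE_AUDIT_RECORDS = [
    {
        "id": 1,
        "eventType": "MODIFY_OBJECT",
        "initiator": "administrator",
        # A session identifier stored as its own field: readable by any audit viewer.
        "sessionIdentifier": "A1B2C3D4E5F60718293A4B5C6D7E8F90",
        "parameters": {"channel": "gui"},
    },
    {
        "id": 2,
        "eventType": "GET_OBJECT",
        "initiator": "auditor",
        # A session identifier embedded in free text (a logged request header).
        "message": "request headers: Cookie: JSESSIONID=0F1E2D3C4B5A69788796A5B4C3D2E1F0; Path=/midpoint",
        "parameters": {},
    },
    {
        "id": 3,
        "eventType": "ADD_OBJECT",
        "initiator": "administrator",
        "message": "created user jdoe",
        "parameters": {"channel": "rest"},
    },
]

# Field names that must never carry a live value in an audit record (assumed names).
SENSITIVE_KEYS = {"sessionidentifier", "sessionid", "jsessionid", "cookie", "set-cookie"}
# Servlet-container session cookie embedded in text; the value class is alphanumeric
# so that an already-redacted marker is not matched again.
COOKIE_PATTERN = re.compile(r"(JSESSIONID=)([A-Za-z0-9._-]+)")
REDACTED = "[REDACTED]"


def find_session_leaks(records):
    """Return (record id, field path) pairs for every place a session identifier
    is stored, either under a sensitive key or embedded in a text field."""
    leaks = []

    def walk(value, path, record_id):
        if isinstance(value, dict):
            for key, child in value.items():
                child_path = f"{path}.{key}" if path else key
                if key.lower() in SENSITIVE_KEYS and child and child != REDACTED:
                    leaks.append((record_id, child_path))
                else:
                    walk(child, child_path, record_id)
        elif isinstance(value, list):
            for index, child in enumerate(value):
                walk(child, f"{path}[{index}]", record_id)
        elif isinstance(value, str) and COOKIE_PATTERN.search(value):
            leaks.append((record_id, path))

    for record in records:
        walk(record, "", record.get("id"))
    return leaks


def redact_session_ids(record):
    """Return a copy of the record with session identifiers replaced by a marker.
    Intended as a filter applied before a record is persisted or displayed."""

    def scrub(value):
        if isinstance(value, dict):
            return {
                key: (REDACTED if key.lower() in SENSITIVE_KEYS and child else scrub(child))
                for key, child in value.items()
            }
        if isinstance(value, list):
            return [scrub(child) for child in value]
        if isinstance(value, str):
            return COOKIE_PATTERN.sub(r"\g<1>" + REDACTED, value)
        return value

    return scrub(record)


if __name__ == "__main__":
    for record_id, field in find_session_leaks(SAMPLE_AUDIT_RECORDS):
        print(f"record {record_id}: session identifier present in '{field}'")
    cleaned = [redact_session_ids(r) for r in SAMPLE_AUDIT_RECORDS]
    print("leaks after redaction:", find_session_leaks(cleaned))
```

Running the block reports record 1 (the dedicated field) and record 2 (the logged Cookie header) and shows that the redacted copies pass the same scan. The scanner deliberately looks for both a named field and a cookie pattern in free text, because the second form is the one that survives a schema review that only checks field names.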

Severity and Impact 

This is a Critical Severity issue. 
The authorized user may be able to escalate privileges to administrator-level access, which grants them unrestricted access to midPoint. 

Mitigation 

Users of affected midPoint versions are advised to upgrade to the latest maintenance releases: 4.8.12, 4.9.7, or 4.10.3. 

If immediate upgrade is not possible: 

1. Restrict Audit Log Access - Audit log access is a high-privilege role that should only be assigned to administrators 
2. Review audit log viewer assignments - Ensure only trusted administrators have this authorization 

This advisory is also available at https://docs.evolveum.com/midpoint/security/advisories/027-privilage-escalation-via-audit-log/ 

--- 
Anton Tkacik 
Backend Technical Leader & Developer 
Evolveum s.r.o. 