{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/amendment/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-40869"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Decidim"],"_cs_severities":["medium"],"_cs_tags":["decidim","vulnerability","amendment","manipulation"],"_cs_type":"advisory","_cs_vendors":["Decidim"],"content_html":"\u003cp\u003eDecidim is an open-source participatory democracy framework used by organizations to facilitate online discussions and decision-making. A vulnerability, CVE-2026-40869, affects Decidim versions 0.19.0 prior to 0.30.5 and 0.31.1. This flaw allows any registered and authenticated user to accept or reject amendments to proposals, even if they are not the original author. This can lead to unauthorized modification of proposals and the elevation of malicious users to co-authorship status, potentially undermining the integrity of the participatory process. The vulnerability was reported on 2026-04-21. Organizations using vulnerable versions of Decidim are at risk of having their proposals manipulated and their decision-making processes subverted.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker registers an account on the Decidim platform.\u003c/li\u003e\n\u003cli\u003eAttacker authenticates to the Decidim platform using their registered credentials.\u003c/li\u003e\n\u003cli\u003eAttacker identifies a proposal with the \u0026quot;amendments\u0026quot; feature enabled.\u003c/li\u003e\n\u003cli\u003eAttacker views the available amendments for the target proposal through the web interface (HTTP GET request to view amendment details).\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP POST request to either accept or reject an amendment, bypassing intended authorization checks.\u003c/li\u003e\n\u003cli\u003eThe Decidim application incorrectly processes the attacker's request, allowing the attacker to modify the amendment's status.\u003c/li\u003e\n\u003cli\u003eIf the attacker accepts the amendment, they may be elevated to co-authorship of the original proposal.\u003c/li\u003e\n\u003cli\u003eThe altered amendment status is reflected on the Decidim platform, potentially influencing voting or decision-making processes.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-40869 allows any registered user to manipulate amendments within Decidim proposals. This can lead to unauthorized modifications, data tampering, and the potential for a malicious actor to hijack the authorship of proposals. The number of affected organizations depends on the adoption rate of vulnerable Decidim versions. If successful, this can erode trust in the platform, manipulate democratic processes, and ultimately undermine the organization's decision-making capabilities.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Decidim to version 0.30.5 or 0.31.1 to patch CVE-2026-40869.\u003c/li\u003e\n\u003cli\u003eAs a temporary workaround, disable amendment reactions for amendable components within Decidim, as recommended in the vulnerability description.\u003c/li\u003e\n\u003cli\u003eMonitor Decidim web server logs for suspicious POST requests to amendment endpoints originating from unusual IP addresses using the provided Sigma rule.\u003c/li\u003e\n\u003cli\u003eImplement the Sigma rule to detect unauthorized amendment modifications based on HTTP request parameters.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-02T12:00:00Z","date_published":"2024-01-02T12:00:00Z","id":"https://feed.craftedsignal.io/briefs/2024-01-decidim-vuln/","summary":"CVE-2026-40869 allows authenticated users to manipulate amendments in Decidim versions 0.19.0 prior to 0.30.5 and 0.31.1, potentially hijacking authorship and impacting proposal integrity.","title":"Decidim Amendment Manipulation Vulnerability (CVE-2026-40869)","url":"https://feed.craftedsignal.io/briefs/2024-01-decidim-vuln/"}],"language":"en","title":"CraftedSignal Threat Feed - Amendment","version":"https://jsonfeed.org/version/1.1"}