A vulnerability marked as critical has been reported in aces Loris up to 27.0.2/28.0.0 . Affected by this vulnerability is an unknown functionality of the component Media Module . Performing a manipulation results in authorization bypass. This vulnerability is reported as CVE-2026-34985 . The attack is possible to be carried out remotely. No exploit exists. It is suggested to upgrade the affected component.