CVE-2026-27741

Exploit

EPSS 0.14%
Veröffentlicht 23.02.2026 22:01:57
Zuletzt bearbeitet 26.02.2026 03:03:26
Quelle disclosure@vulncheck.com
CVE-Watchlists
Login
Unerledigt
Login

Bludit <= 3.16.1 CSRF in Plugin and Theme Management Endpoints

Bludit version 3.16.1 contains a cross-site request forgery (CSRF) vulnerability in the /admin/uninstall-plugin/ and /admin/install-theme/ endpoints. The application does not implement anti-CSRF tokens or other request origin validation mechanisms for these administrative actions. An attacker can induce an authenticated administrator to visit a malicious page that silently submits crafted requests, resulting in unauthorized plugin uninstallation or theme installation. This may lead to loss of functionality, execution of untrusted code via malicious themes, and compromise of system integrity.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bludit ≫ Bludit Version3.16.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.039

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
disclosure@vulncheck.com	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/bludit/bludit/issues/1577

Exploit

Issue Tracking

https://www.vulncheck.com/advisories/bludit-csrf-in-plugin-and-theme-management-endpoints

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-27741

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-27741

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-27741

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-27741