5.3
CVE-2026-40041
- EPSS 0.11%
- Veröffentlicht 13.04.2026 18:10:57
- Zuletzt bearbeitet 17.04.2026 15:28:29
- Quelle disclosure@vulncheck.com
- CVE-Watchlists
- Unerledigt
Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload, milestone editing, and administrative functions to force logout, create accounts, modify roles, inject comments, or upload files when authenticated users visit attacker-controlled websites.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerPachno
≫
Produkt
Pachno
Version
1.0.6
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.11% | 0.015 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| disclosure@vulncheck.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| disclosure@vulncheck.com | 5.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5983.php
https://www.vulncheck.com/advisories/pachno-cross-site-request-forgery-via-state-changing-endpoints