CVE-2026-22194 — HIGH (8.8)

Q: How severe is CVE-2026-22194?

CVE-2026-22194 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-22194?

Check the references section above for vendor advisories and patch information. Affected products include: Gestsup Gestsup.

Vulnerability Description

GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce a logged-in user to submit crafted requests that perform actions with the victim's privileges. This can be exploited to create privileged accounts by targeting the administrative user creation endpoint.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Gestsup	Gestsup	<= 3.2.56

Related Weaknesses (CWE)

CWE-352

References

https://gestsup.fr/index.php?page=changelogRelease Notes
https://www.vulncheck.com/advisories/gestsup-csrf-allows-privileged-actionsThird Party Advisory

FAQ

What is CVE-2026-22194?

CVE-2026-22194 is a vulnerability with a CVSS score of 8.8 (HIGH). GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce ...

How severe is CVE-2026-22194?

CVE-2026-22194 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-22194?

Check the references section above for vendor advisories and patch information. Affected products include: Gestsup Gestsup.