Vulnerability Description
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload, milestone editing, and administrative functions to force logout, create accounts, modify roles, inject comments, or upload files when authenticated users visit attacker-controlled websites.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://www.vulncheck.com/advisories/pachno-cross-site-request-forgery-via-state
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5983.php
FAQ
What is CVE-2026-40041?
CVE-2026-40041 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changi...
How severe is CVE-2026-40041?
CVE-2026-40041 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-40041?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.