CVE-2026-1468

Severity CVSS v4.0:

MEDIUM

Type:

CWE-352 Cross-Site Request Forgery (CSRF)

Publication date:

06/03/2026

Last modified:

27/04/2026

Description

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with victim&#39;s privileges.<br /> This software does not implement any protection against this type of attack. All forms available in this software are potentially vulnerable.<br /> <br /> The vendor was notified early about this vulnerability, but didn&#39;t respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 5.10 MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): None
User Interaction (UI): Active
Confidentiality (VC): None
Integrity (VI): Low
Availability (VA): None
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None

Base Score 4.0

5.10

Severity 4.0

MEDIUM

CVE-2026-1468

Description

Impact

References to Advisories, Solutions, and Tools