CVE Catalog

CVE-2026-55742

CriticalCVSS 9.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.23%

13th percentile — higher than 13% of all known CVEs

Summary

Cotonti 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) in the administration rights handler. The rights update action ('a=update') in system/admin/admin.rights.php does not validate the anti-CSRF token, allowing a remote attacker to grant elevated permissions to an attacker-controlled group.

Risk Assessment

An attacker can exploit this vulnerability to escalate privileges to administrator level, posing a risk of remote code execution and unauthorized modifications of templates and configurations.

Recommendation

It is recommended to implement anti-CSRF token validation in the rights update action and to review and update the system to the latest version to minimize risk.

Original NVD description (English source)

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action ('a=update') modifies group access rights (including via cot_auth_add_group) without calling cot_check_xg() to validate the anti-CSRF token. A remote attacker who lures an authenticated administrator into visiting a malicious page can force the browser to submit a forged request that grants elevated permissions to an attacker-controlled group, escalating privileges to administrator. Because Cotonti administrators can modify templates and configuration, this can be further leveraged toward remote code execution.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS