CVE Catalog

CVE-2026-57690

Medium · CVSS 4.3
Source: NVD (NIST)

Summary

Versions 4.7.2 and earlier of the Werkstatt plugin contain an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions on behalf of an authenticated administrator.

Risk Assessment

An attacker could execute unauthorized administrative operations, such as changing plugin settings or injecting malicious content, without the victim's knowledge.

Recommendation

Update the Werkstatt plugin immediately to the latest available version that addresses this vulnerability. Also consider implementing CSRF protection mechanisms such as synchronizer tokens.

Original NVD description (English source)

Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS