CVE-2026-57690
Medium (CVSS 4.3)
Summary
The Werkstatt plugin version 4.7.2 and earlier contains an unauthenticated Cross-Site Request Forgery (CSRF) vulnerability. An attacker can exploit this flaw to perform unauthorized actions on behalf of an authenticated administrator.
Risk Assessment
An attacker could execute unauthorized administrative operations, such as changing plugin settings or injecting malicious content, without the victim's knowledge.
Recommendation
Update the Werkstatt plugin immediately to the latest available version that addresses this vulnerability. Also consider implementing CSRF protection mechanisms such as synchronizer tokens.
Original NVD description (English source)
Unauthenticated Cross Site Request Forgery (CSRF) in Werkstatt <= 4.7.2 versions.

