← back
CVE-2026-40043

Pachno 1.0.6 Authentication Bypass via runSwitchUser()

CVSS 7.1 HIGHEPSS 0.3%CWE-639
Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges by manipulating the original_username cookie. Attackers can set the client-controlled original_username cookie to any value and request a switch to user ID 1 to obtain session tokens or password hashes belonging to administrator accounts.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
pancho · Pachno
public PoCs found1
cve_referencewww.zeroscience.mk/#/advisories/ZSL-2026-5985unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.vulncheck.com/advisories/pachno-authentication-bypass-via-runswitchuserhttps://www.zeroscience.mk/#/advisories/ZSL-2026-5985https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5985.php