← volver
CVE-2026-58476

Sustainable Irrigation Platform 5.2.16 CSRF via Administrative GET Requests

CVSS 7 HIGHCWE-352
Vexday Risk Score
18Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 7EPSS KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
14 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring a logged-in administrator into visiting a malicious page that issues HTTP GET requests without CSRF token validation or origin verification. Attackers can trigger actions such as disabling the passphrase, rebooting the device, deleting programs, or installing plugins, with the default configuration exposing these endpoints to unauthenticated users due to no required passphrase and a default credential of 'opendoor'.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
Dan-in-CA · SIP