Cross-Site Request Forgery Vulnerability in QuickCMS by Open Solution
CVE-2026-1468

5.1MEDIUM

Key Information:

Vendor: Opensolution
Status: Quickcms
Vendor: CVE Published:; 6 March 2026

🔔 Create Opensolution Vulnerability Alert

What is CVE-2026-1468?

QuickCMS, developed by Open Solution, is susceptible to a Cross-Site Request Forgery vulnerability that compromises user security across multiple endpoints. Attackers can exploit this flaw by creating malicious websites that, when accessed by a victim, automatically send unauthorized POST requests utilizing the victim's privileges. Unfortunately, QuickCMS lacks any protective mechanisms against such attacks, rendering all forms within the software potentially vulnerable. While version 6.8 has been tested and confirmed as vulnerable, it remains uncertain whether other untested versions may also be affected, as the vendor has not provided further details on the vulnerable version range.

Affected Version(s)

QuickCMS 6.8

References

https://cert.pl/posts/2026/03/CVE-2026-1468

third-party-advisory

https://opensolution.org/cms-system-quick-cms.html

product

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2026
Vulnerability Reserved
Jan 27, 2026

Credit

Michał Biesiada

CVE-2026-1468 Data

JSON