Cross-Site Request Forgery Vulnerability in KTM System e-BOK
CVE-2026-35096

5.1 MEDIUM

Key Information:

Vendor

Ktm System

Status
Vendor
CVE Published:
30 June 2026

What is CVE-2026-35096?

KTM System e-BOK is affected by a Cross-Site Request Forgery (CSRF) vulnerability in its email and password change functionality. An attacker can create a malicious website that, when visited by an authenticated user, could send forged POST requests to the application. As a result, the attacker could cause the application to change the victim's email or password without their consent or knowledge, compromising user accounts and overall data integrity. A security patch addressing this vulnerability was released in June 2026.

Affected Version(s)

e-BOK 0 < 06.2026

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jacek Korta