Cross-Site Request Forgery Vulnerability in Hackage Server Product by Haskell
CVE-2026-40471

9.6 CRITICAL

Key Information:

CVE Published: 23 April 2026

What is CVE-2026-40471?

The Hackage Server by Haskell is susceptible to Cross-Site Request Forgery (CSRF) attacks because its endpoints lack adequate protection mechanisms. Malicious scripts on untrusted sites can initiate unauthorized actions on the server, such as uploading packages or creating user accounts, potentially exploiting stored credentials. The lack of authentication checks means that even unauthenticated requests can lead to significant security breaches if exploited.

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
