Cross-Site Request Forgery Vulnerability in Cotonti Product by Cotonti
CVE-2026-55741
8.7 HIGH
What is CVE-2026-55741?
Cotonti version 1.0.0 is exposed to a Cross-Site Request Forgery (CSRF) attack due to improper validation of the anti-CSRF token in the administration configuration handler. Specifically, the configuration update action does not perform the necessary checks to validate the token when processing POST requests. This oversight allows a remote attacker to trick an authenticated administrator into executing a malicious request that modifies critical settings within the system, possibly compromising its security and functionality. Mitigation measures should be taken promptly to secure the application against such threats.
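The defect is the pattern below, shown as an added illustration rather than Cotonti's own code: a configuration-update handler that trusts any POST from an admin session, beside the hardened form that requires a session-bound anti-CSRF token and compares it in constant time. Session, form and config store are constructed in memory; the field name `csrf_token` and handler names are assumptions.

```python
import hmac
import secrets


def new_admin_session():
    """Constructed admin session carrying a per-session anti-CSRF token."""
    return {"user_id": 1, "is_admin": True, "csrf_token": secrets.token_hex(32)}


def apply_settings(post, config):
    """Copy submitted values into the config store, ignoring unknown keys."""
    for key, value in post.items():
        if key in config:
            config[key] = value


def update_config_vulnerable(session, post, config):
    """Flawed pattern from the advisory: authentication is checked, but the
    anti-CSRF token is never validated, so any cross-origin POST carried by
    the admin's browser session is applied."""
    if not session.get("is_admin"):
        return (403, "forbidden")
    apply_settings(post, config)
    return (200, "saved")


def update_config_hardened(session, post, config):
    """Fix: require the token, bind it to the session, compare in constant
    time, and change nothing on a mismatch. A rejected request here is worth
    logging, since a missing or wrong token on an admin state change is a
    useful detection signal."""
    if not session.get("is_admin"):
        return (403, "forbidden")
    submitted = str(post.get("csrf_token", ""))
    expected = session.get("csrf_token", "")
    # Encode before comparing so non-ASCII input cannot raise instead of failing closed.
    if not submitted or not expected or not hmac.compare_digest(
        submitted.encode("utf-8"), expected.encode("utf-8")
    ):
        return (403, "csrf token missing or invalid")
    apply_settings({k: v for k, v in post.items() if k != "csrf_token"}, config)
    return (200, "saved")


if __name__ == "__main__":
    sess = new_admin_session()
    forged = {"allow_registration": "1"}  # constructed cross-site POST, no token
    print(update_config_vulnerable(sess, forged, {"allow_registration": "0"}))
    print(update_config_hardened(sess, forged, {"allow_registration": "0"}))
```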
Affected Version(s)
Cotonti 1.0.0
References
CVSS V4
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Saidakbarxon Maxsudxonov (sermikro), Innova Networks
