Cross-Site Request Forgery Vulnerability in Cotonti by Cotonti
CVE-2026-55744

8.6HIGH

Key Information:

Vendor: Cotonti
Status: Cotonti
Vendor: CVE Published:; 18 June 2026

What is CVE-2026-55744?

The Cotonti 1.0.0 web application is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability within its Personal File Storage (PFS) module. The issue arises due to the lack of CSRF token validation during the file upload process. Remote attackers can exploit this flaw by tricking authenticated users into visiting a malicious site, resulting in unauthorized file uploads to the user's PFS storage. This vulnerability highlights the importance of implementing robust security mechanisms to safeguard against CSRF attacks.

Affected Version(s)

Cotonti 1.0.0

References

https://github.com/Cotonti/Cotonti/blob/f43f1fc38ba4e0202...

technical-description

https://github.com/Cotonti/Cotonti

product

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2026
Vulnerability Reserved
Jun 17, 2026

Credit

Saidakbarxon Maxsudxonov (sermikro), Innova Networks

CVE-2026-55744 Data

JSON