Cross-Site Request Forgery Vulnerability in DivvyDrive by DivvyDrive Information Technologies Inc.
CVE-2026-5791

9.6CRITICAL

Key Information:

Vendor: Divvydrive Information Technologies Inc.
Status: Divvydrive
Vendor: CVE Published:; 7 May 2026

🔔 Create Divvydrive Information Technologies Inc. Vulnerability Alert

What is CVE-2026-5791?

DivvyDrive Information Technologies Inc. has reported a vulnerability that allows for Cross-Site Request Forgery (CSRF) attacks in specific versions of their product. This vulnerability affects versions 4.8.2.9 to just below 4.8.3.2, potentially allowing malicious actors to perform actions on behalf of authenticated users without their consent. Organizations using affected versions are advised to implement necessary security measures to safeguard user data and prevent unauthorized actions within the application.

Affected Version(s)

DivvyDrive 4.8.2.9 < 4.8.3.2

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/...

government-resource

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Apr 8, 2026

Credit

Çağatay CEYHAN

CVE-2026-5791 Data

JSON