CRITICAL | CVE-2026-40471 | Published | Modified | CNA: redhat-cnalr
CVE-2026-40471: Hackage CSRF vulnerability
hackage-server lacked Cross-Site Request Forgery (CSRF) protection across its endpoints. Scripts on foreign sites could trigger requests to hackage-server, possibly abusing latent credentials to upload packages or perform other administrative actions. Some unauthenticated actions could also be abused (e.g. creating new user accounts).
Metrics
- CVSS v3.1: 9.6
- Severity: CRITICAL
- Fixed in: *
- Affected Products: 1
Fix available
*
Affected packages
- unknown < * (from 0.1)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
References