CVE-2026-1153

EUVD-2026-3220
A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
VulDBCNA
4.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
technical-laohumpay
𝑥
≤ 1.2.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/bdkuzma/vuln/issues/18
https://vuldb.com/?ctiid.341746
https://vuldb.com/?id.341746
https://vuldb.com/?submit.735789