Platform
other
Component
bootdo
Fixed in
93.0.1
A cross-site request forgery (CSRF) vulnerability has been identified in BootDo versions up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. This flaw allows an attacker to trick a user into performing unintended actions on the application. Due to BootDo's rolling release model, specific affected versions are not available, but all users of this version range are potentially at risk. A public exploit is available.
The CSRF vulnerability in BootDo allows an attacker to execute unauthorized actions on behalf of an authenticated user. This could involve modifying configurations, creating or deleting resources, or performing other sensitive operations. The remote nature of the attack means an attacker does not need to be on the same network as the victim. The availability of a public exploit significantly increases the likelihood of exploitation, potentially leading to widespread compromise if not addressed promptly. Given the lack of specific versioning, the impact is broad across all users of the affected commit hash.
This vulnerability is publicly known and has a public proof-of-concept available, indicating a higher probability of exploitation. The CVE was published on 2026-02-04. The EPSS score is pending evaluation. No KEV listing is currently available.
Organizations utilizing BootDo in environments where user authentication is required are at risk. This includes deployments where sensitive data or critical operations are managed through the application. The lack of versioning makes it difficult to pinpoint specific deployments, so a broad assessment is recommended.
disclosure
Exploit status
EPSS
0.01% (0th percentile)
CISA SSVC
CVSS vector
Due to BootDo's rolling release strategy, traditional patching is not possible. The primary mitigation is to implement robust input validation and CSRF protection mechanisms. This includes validating all user inputs and using CSRF tokens to prevent unauthorized requests. Consider implementing a Web Application Firewall (WAF) with CSRF protection rules to filter malicious requests. Regularly review and update security policies to address emerging threats. Verification can be performed by attempting to trigger an action as a logged-in user from a separate browser session and confirming that the action is blocked.
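The synchronizer-token check described above, and the verification step of submitting a state-changing request from a separate browser session, as an added illustration that is not BootDo's own code: a minimal request handler binds a random token to the login session, rejects any state-changing request whose token does not match (with an Origin-header check as defense in depth), and `verify_protection` reproduces the advisory's test. The session store, cookie name, application origin and request shape are all constructed for the example; a `protected=False` switch models the unprotected behaviour the advisory describes, where the session cookie alone is enough to perform the action.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory session store: session id -> {"user": ..., "csrf_token": ...}
SESSIONS: dict[str, dict] = {}
# Assumed origin of the deployed application (placeholder, not a real host)
APP_ORIGIN = "https://admin.example.test"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def login(user: str) -> str:
    """Create a session and bind a fresh CSRF token to it (synchronizer token pattern)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Token the server embeds in its own forms; a page on another origin cannot read it."""
    return SESSIONS[sid]["csrf_token"]


@dataclass
class Request:
    """Constructed stand-in for an HTTP request; only the fields the check needs."""
    method: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def handle(req: Request, protected: bool = True) -> tuple[int, str]:
    """Handle a request; with protected=True, state-changing requests need a valid token."""
    session = SESSIONS.get(req.cookies.get("JSESSIONID"))
    if session is None:
        return 401, "not logged in"
    if req.method in STATE_CHANGING and protected:
        # Defense in depth: browsers set Origin on cross-site POSTs; a foreign origin is a forgery signal.
        origin = req.headers.get("Origin")
        if origin is not None and origin != APP_ORIGIN:
            return 403, "origin mismatch"
        # Constant-time comparison of the submitted token against the one bound to the session.
        submitted = req.form.get("_csrf", "")
        if not hmac.compare_digest(submitted, session["csrf_token"]):
            return 403, "missing or invalid CSRF token"
    if req.method in STATE_CHANGING:
        return 200, f"action performed for {session['user']}"
    return 200, "ok"


def verify_protection(sid: str) -> bool:
    """The advisory's verification: a forged request carrying only the session cookie must be
    blocked, while the application's own form (correct origin and token) must still succeed."""
    forged = Request("POST", cookies={"JSESSIONID": sid},
                     headers={"Origin": "https://other-origin.example"},
                     form={"action": "delete"})
    legit = Request("POST", cookies={"JSESSIONID": sid},
                    headers={"Origin": APP_ORIGIN},
                    form={"action": "delete", "_csrf": csrf_token_for(sid)})
    return handle(forged)[0] == 403 and handle(legit)[0] == 200


if __name__ == "__main__":
    sid = login("alice")
    print("protected handler blocks forged request:", verify_protection(sid))
    forged = Request("POST", cookies={"JSESSIONID": sid}, form={"action": "delete"})
    print("unprotected handler result:", handle(forged, protected=False))
```

The token is tied to the session rather than to the user, so a fresh login gets a fresh token, and the comparison uses `hmac.compare_digest` to avoid leaking it through timing. A WAF rule of the kind the advisory mentions can only approximate the Origin check; the per-session token comparison has to live in the application.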
Update to the latest available version of BootDo. Because the project follows a rolling release strategy, keeping the deployment continuously updated is the best way to mitigate the vulnerability.
CVE-2026-1835 is a cross-site request forgery vulnerability affecting BootDo versions up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb, allowing attackers to perform unauthorized actions.
If you are using BootDo versions up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb, you are potentially affected by this vulnerability due to the rolling release model.
Due to the rolling release, patching is not possible. Implement robust input validation and CSRF tokens to mitigate the risk.
A public exploit exists, indicating a potential for active exploitation, so immediate mitigation is recommended.
Refer to the BootDo documentation and security announcements for the latest information regarding this vulnerability.