CVE Catalog

CVE-2026-31016

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

A Cross-Site Request Forgery (CSRF) vulnerability has been found in Squidex CMS version 7.21.0 and earlier. An attacker can exploit the IdentityServer account profile endpoint to escalate privileges without the victim's knowledge.

Risk Assessment

The risk involves potential account takeover or privilege escalation by tricking an authenticated user into performing unintended actions. This could lead to full compromise of the CMS system.

Recommendation

Immediately upgrade Squidex CMS to a version later than 7.21.0 that includes the CSRF fix. Additionally, implement CSRF protection mechanisms such as anti-CSRF tokens.

Original NVD description (English source)

Cross Site Request Forgery vulnerability in Squidex.io Squidex CMS v.7.21.0 and before allows a remote attacker to escalate privileges via the IdentityServer account profile endpoint

Vulnerability data from NVD (NIST) · CISA KEV · EPSS