CVE Catalog

CVE-2026-40799

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile - higher than 22% of all known CVEs

Summary

Versions of Simple Cloudflare Turnstile up to 1.38.0 have a vulnerability in authentication that allows unauthorized access.

Risk Assessment

Organizations may be exposed to attacks that exploit this vulnerability to hijack user sessions or gain access to protected resources.

Recommendation

It is recommended to upgrade to the latest version of Simple Cloudflare Turnstile to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS