CVE Catalog
CVE-2026-40799
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.31%
22th percentile - higher than 22% of all known CVEs
Summary
Versions of Simple Cloudflare Turnstile up to 1.38.0 have a vulnerability in authentication that allows unauthorized access.
Risk Assessment
Organizations may be exposed to attacks that exploit this vulnerability to hijack user sessions or gain access to protected resources.
Recommendation
It is recommended to upgrade to the latest version of Simple Cloudflare Turnstile to mitigate this vulnerability.
Original NVD description (English source)
Unauthenticated Broken Authentication in Simple Cloudflare Turnstile <= 1.38.0 versions.

