CVE-2026-54220
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions.
Risk Assessment
The lack of CSRF protection may lead to unauthorized actions on behalf of users, posing a serious threat to the organization's data security.
Recommendation
It is recommended to implement appropriate CSRF protection mechanisms and update to the latest version of the software if possible.
Original NVD description (English source)
uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.

