CVE Catalog

CVE-2026-54220

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile — higher than 8% of all known CVEs

Summary

uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions.

Risk Assessment

The lack of CSRF protection may lead to unauthorized actions on behalf of users, posing a serious threat to the organization's data security.

Recommendation

It is recommended to implement appropriate CSRF protection mechanisms and update to the latest version of the software if possible.

Original NVD description (English source)

uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS