CVE-2026-55741
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
Cotonti 1.0.0 is vulnerable to Cross-Site Request Forgery in the administration configuration handler. The configuration update action ('a=update') processes POST data without validating the anti-CSRF token, allowing for modification of configuration options through forged requests.
Risk Assessment
An attacker can lure an authenticated administrator into visiting a malicious page, potentially leading to unauthorized changes in system configuration and weakening the organization's security.
Recommendation
It is recommended to implement anti-CSRF token validation in the configuration update action and to review and update all system components to protect against such attacks.
Original NVD description (English source)
Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration configuration handler. In system/admin/admin.config.php, the configuration update action ('a=update') processes POST data via cot_config_update_options() without calling cot_check_xg() to validate the anti-CSRF token (the 'x' parameter), unlike other admin handlers (e.g. admin.structure.php, admin.cache.php). A remote attacker who lures an authenticated administrator into visiting a malicious page can force the browser to submit a forged request that modifies arbitrary core, module, or plugin configuration options, which can be leveraged to weaken security or enable further compromise.

