PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-57786 purethemes CVE debrief

CVE-2026-57786 is a Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core. The issue affects WorkScout-Core from n/a through <= 1.7.08. The vulnerability has a CVSS score of 8.8 and a severity of HIGH. This type of vulnerability could allow an attacker to perform actions on behalf of a user without their consent, potentially leading to unauthorized changes or data breaches. Users of purethemes WorkScout-Core workscout-core, especially those using versions from n/a through <= 1.7.08, should be aware of this vulnerability and take necessary actions to mitigate the risk.

Vendor
purethemes
Product
WorkScout-Core
CVSS
HIGH 8.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of purethemes WorkScout-Core workscout-core, especially those using versions from n/a through <= 1.7.08, should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes administrators, security teams, and operators who manage or use the affected plugin.

Technical summary

The CVE-2026-57786 vulnerability is a Cross-Site Request Forgery (CSRF) issue in the purethemes WorkScout-Core workscout-core plugin. This vulnerability allows for Authentication Bypass. The Common Vulnerabilities and Exposures (CVE) score for this issue is 8.8, indicating a HIGH severity level. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This vulnerability could be exploited by an attacker to perform unauthorized actions on the affected system.

Defensive priority

High priority should be given to addressing this vulnerability, as it has a high CVSS score and could lead to significant security risks if exploited.

Recommended defensive actions

  • Inventory and verify the version of WorkScout-Core in use.
  • Apply patches or updates provided by the vendor to address the vulnerability.
  • Implement compensating controls, such as monitoring for suspicious activity.
  • Consider using a Web Application Firewall (WAF) to detect and prevent CSRF attacks.
  • Review relevant monitoring, detection, and logs for exposed assets that need extra review.

Evidence notes

The CVE record was published on 2026-07-13T10:16:42.527Z and has not been modified since then. The NVD entry is currently being reviewed for accuracy and completeness. No additional information is available at this time. Further verification and validation are recommended to ensure the accuracy of this information.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:42.527Z and has not been modified since then.