PatchSiren cyber security CVE debrief
CVE-2026-57786 purethemes CVE debrief
CVE-2026-57786 is a Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core. The issue affects WorkScout-Core from n/a through <= 1.7.08. The vulnerability has a CVSS score of 8.8 and a severity of HIGH. This type of vulnerability could allow an attacker to perform actions on behalf of a user without their consent, potentially leading to unauthorized changes or data breaches. Users of purethemes WorkScout-Core workscout-core, especially those using versions from n/a through <= 1.7.08, should be aware of this vulnerability and take necessary actions to mitigate the risk.
- Vendor
- purethemes
- Product
- WorkScout-Core
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of purethemes WorkScout-Core workscout-core, especially those using versions from n/a through <= 1.7.08, should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes administrators, security teams, and operators who manage or use the affected plugin.
Technical summary
The CVE-2026-57786 vulnerability is a Cross-Site Request Forgery (CSRF) issue in the purethemes WorkScout-Core workscout-core plugin. This vulnerability allows for Authentication Bypass. The Common Vulnerabilities and Exposures (CVE) score for this issue is 8.8, indicating a HIGH severity level. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. This vulnerability could be exploited by an attacker to perform unauthorized actions on the affected system.
Defensive priority
High priority should be given to addressing this vulnerability, as it has a high CVSS score and could lead to significant security risks if exploited.
Recommended defensive actions
- Inventory and verify the version of WorkScout-Core in use.
- Apply patches or updates provided by the vendor to address the vulnerability.
- Implement compensating controls, such as monitoring for suspicious activity.
- Consider using a Web Application Firewall (WAF) to detect and prevent CSRF attacks.
- Review relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
The CVE record was published on 2026-07-13T10:16:42.527Z and has not been modified since then. The NVD entry is currently being reviewed for accuracy and completeness. No additional information is available at this time. Further verification and validation are recommended to ensure the accuracy of this information.
Official resources
-
CVE-2026-57786 CVE record
CVE.org
-
CVE-2026-57786 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T10:16:42.527Z and has not been modified since then.