PatchSiren

Cotonti CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Cotonti CVE published 2026-06-18

CVE-2026-55745

The Cotonti 1.0.0 web application, specifically the Personal File Storage (PFS) module, is vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability allows a remote attacker to force an authenticated user's browser to submit a forged request, modifying the victim's folder metadata. The issue arises from the lack of validation for the anti-CSRF token in the folder update action. A successful expl [truncated]

HIGH Cotonti CVE published 2026-06-18

CVE-2026-55744

CVE-2026-55744 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability in Cotonti 1.0.0's Personal File Storage (PFS) module. An attacker can exploit this by luring an authenticated user to visit a malicious page, forcing their browser to submit a forged multipart request that uploads arbitrary files into the victim's PFS storage. This vulnerability has a CVSS score of 8.6 and is considered HIG [truncated]

CRITICAL Cotonti CVE published 2026-06-18

CVE-2026-55742

CVE-2026-55742 is a critical Cross-Site Request Forgery (CSRF) vulnerability in Cotonti 1.0.0. The vulnerability exists in the administration rights handler, specifically in the system/admin/admin.rights.php file. An attacker can exploit this vulnerability by luring an authenticated administrator into visiting a malicious page, which can force the browser to submit a forged request that grants elevated pe [truncated]

HIGH Cotonti CVE published 2026-06-18

CVE-2026-55741

CVE-2026-55741 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability in Cotonti 1.0.0. The vulnerability exists in the administration configuration handler, specifically in the system/admin/admin.config.php file. An attacker can exploit this vulnerability by luring an authenticated administrator to visit a malicious page, which can force the browser to submit a forged request that modifies ar [truncated]
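The four entries above share one root cause: a state-changing handler (folder update, file upload, rights change, config change) that trusts the session cookie alone and never validates the anti-CSRF token, so any page the victim visits can drive it. The block below is an added Python model of that missing check, written for this page; it is not Cotonti code (Cotonti is PHP) and does not reproduce any of the affected handlers. The Session and Request classes, the `xg` field name, the action names and the sample values are all assumptions. It shows the vulnerable handler shape beside the hardened one, with a session-and-action-bound token compared in constant time and Sec-Fetch-Site used as defence in depth, and drives both with a legitimate request and a forged cross-site request.

```python
"""Constructed illustration of CSRF-token validation on state-changing handlers."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from functools import wraps


@dataclass
class Session:
    """Server-side session: who is logged in plus a per-session CSRF secret (assumed shape)."""
    user: str
    csrf_secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    folders: dict = field(default_factory=dict)  # folder id -> metadata
    files: list = field(default_factory=list)    # names of uploaded files


@dataclass
class Request:
    """What a handler sees: HTTP method, decoded form fields, selected headers (assumed shape)."""
    method: str
    form: dict
    headers: dict = field(default_factory=dict)


def csrf_token(session: Session, action: str) -> str:
    """Token bound to both the session and the action being authorised.

    The server embeds it in its own forms. A page on another origin cannot obtain it,
    because the same-origin policy stops that page from reading the form's HTML.
    """
    return hmac.new(session.csrf_secret, action.encode(), hashlib.sha256).hexdigest()


def csrf_ok(session: Session, req: Request, action: str) -> bool:
    """The validation step the vulnerable handlers skip.

    - Only POST may change state; a GET never carries the token.
    - The submitted token must equal the expected one (constant-time comparison).
    - Defence in depth: if the browser sent Sec-Fetch-Site, reject cross-site initiators.
      A missing header is tolerated so older clients keep working.
    """
    if req.method != "POST":
        return False
    submitted = req.form.get("xg", "")  # "xg" is an assumed field name, not Cotonti's contract
    if not hmac.compare_digest(submitted.encode(), csrf_token(session, action).encode()):
        return False
    site = req.headers.get("Sec-Fetch-Site")
    return site is None or site in ("same-origin", "same-site", "none")


def require_csrf(action: str):
    """Decorator that gates a state-changing handler on csrf_ok()."""
    def wrap(handler):
        @wraps(handler)
        def guarded(session, req):
            return handler(session, req) if csrf_ok(session, req, action) else 403
        return guarded
    return wrap


# The mutations themselves, shared by both handler shapes.
def apply_folder_update(session: Session, req: Request) -> int:
    session.folders[req.form["folder_id"]] = {"title": req.form["title"]}
    return 200


def apply_upload(session: Session, req: Request) -> int:
    session.files.append(req.form["filename"])  # a real upload would be a multipart part
    return 200


# Vulnerable shape: the session cookie is the only thing checked.
update_folder_vulnerable = apply_folder_update
upload_file_vulnerable = apply_upload
# Hardened shape: identical logic, gated on the token check.
update_folder_hardened = require_csrf("pfs.folder.update")(apply_folder_update)
upload_file_hardened = require_csrf("pfs.file.upload")(apply_upload)


def simulate() -> dict:
    """Drive both shapes with a legitimate request and a forged cross-site request."""
    victim = Session(user="alice")
    legit = Request("POST", {"folder_id": "7", "title": "Reports",
                             "xg": csrf_token(victim, "pfs.folder.update")},
                    {"Sec-Fetch-Site": "same-origin"})
    # A cross-origin <form> auto-submitted by script: the browser attaches the victim's
    # cookies, the attacker cannot supply the token, and modern browsers add
    # Sec-Fetch-Site: cross-site. Values are constructed for the demonstration.
    forged = Request("POST", {"folder_id": "7", "title": "pwned"},
                     {"Sec-Fetch-Site": "cross-site"})
    forged_upload = Request("POST", {"filename": "shell.php"},
                            {"Sec-Fetch-Site": "cross-site"})
    results = {"legit_hardened": update_folder_hardened(victim, legit)}
    results["forged_vulnerable"] = update_folder_vulnerable(victim, forged)  # 200: the bug
    results["title_after_vulnerable"] = victim.folders["7"]["title"]
    victim.folders["7"] = {"title": "Reports"}  # reset before the hardened run
    results["forged_hardened"] = update_folder_hardened(victim, forged)
    results["title_after_hardened"] = victim.folders["7"]["title"]
    results["forged_upload_vulnerable"] = upload_file_vulnerable(victim, forged_upload)
    results["forged_upload_hardened"] = upload_file_hardened(victim, forged_upload)
    results["files"] = list(victim.files)
    return results


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The token is derived per session and per action, so a token leaked from one form cannot be replayed against a different handler, and a token from one user's session fails for another. Sec-Fetch-Site is only a second line: browsers that do not send it pass through to the token check, which remains the control that actually decides.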