CVE-2026-8604
8.8 HIGHIn ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by ...
Published: 2026-05-19 · Last updated: 2026-05-21
Severity and scoring
- CVSS
- 8.8 HIGH
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE
- CWE-352
Affected products
| Vendor | Product |
|---|---|
| scadabr | scadabr |
Description
In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-8605 — In ScadaBR version 1.2.0, a Use of Hard-Coded Credentials vulnerability could allow an attacker to access the SCADA system as admin (9.8 CRITICAL)
- CVE-2026-8603 — In ScadaBR version 1.2.0, an OS Command Injection vulnerability could allow an attacker to execute commands as root on the SCADA system (9.8 CRITICAL)
- CVE-2026-8602 — In ScadaBR version 1.2.0, a Missing Authentication for Critical Function vulnerability could allow an unauthenticated attacker to send a ... (9.1 CRITICAL)
Same CWE
- CVE-2026-48612 — Improper state verification in the OAuth implementation could allow an attacker to manipulate the authentication flow and cause a victim’... (8.0 HIGH)
- CVE-2022-47150 — Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery (4.3 MEDIUM)
- CVE-2022-44630 — Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery (4.6 MEDIUM)
- CVE-2024-32110 — Cross-Site request forgery (CSRF) vulnerability in Magepeople inc (4.3 MEDIUM)
- CVE-2026-53739 — Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate_post_dismiss_notice handler, which ... (4.3 MEDIUM)