2 matches found
CVE-2026-40043
creationtimestamp| type| source ---|---|--- 2026-04-13 20:21:15+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjfowf2uza23...
CVE-2026-40043
Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...