4 matches found
CVE-2026-42190
creationtimestamp| type| source ---|---|--- 2026-05-08 22:50:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlesw5ku2r2n...
CVE-2026-42190 RedwoodSDK: Same-site CSRF in in server actions
RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a server action with the...
CVE-2026-42190
RedwoodSDK (rwsdk) server actions from version 1.0.0-beta.50 up to, but not including, 1.2.3, did not validate the Origin header, enabling same-site CSRF with the victim’s session cookie. The issue is fixed in version 1.2.3. Affected component: server actions (serverAction, RSC protocol); impact:...
CVE-2026-42190 RedwoodSDK: Same-site CSRF in in server actions
RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a server action with the...