4 matches found

Circl
added 2026/05/08 10:50 p.m., 8 views

CVE-2026-42190

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-08 22:50:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mlesw5ku2r2n... |

CVSS: 5.3, AI score: 5.8, EPSS: 0.00111
Exploits: 0, References: 1
Cvelist
added 2026/05/08 7:35 p.m., 38 views

CVE-2026-42190 RedwoodSDK: Same-site CSRF in server actions

RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a server action with the...

CVSS: 5.3, EPSS: 0.00111
Exploits: 0, References: 2
CVE
added 2026/05/08 7:35 p.m., 16 views

CVE-2026-42190

RedwoodSDK (rwsdk) server actions from version 1.0.0-beta.50 up to, but not including, 1.2.3, did not validate the Origin header, enabling same-site CSRF with the victim’s session cookie. The issue is fixed in version 1.2.3. Affected component: server actions (serverAction, RSC protocol); impact:...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00111
Exploits: 0, References: 2, Affected Software: 1
Vulnrichment
added 2026/05/08 7:35 p.m., 7 views

CVE-2026-42190 RedwoodSDK: Same-site CSRF in server actions

RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating from a different origin that the browser treats as same-site can invoke a server action with the...

CVSS: 5.3, AI score: 5.7, EPSS: 0.00111
Exploits: 0, References: 2