CVE-2026-40043 Pachno 1.0.6 Authentication Bypass via runSwitchUser()

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the originalusername cookie. Attackers can set the client-controlled originalusername cookie to any value and request a...

CVE-2026-40043

Pachno 1.0.6 contains an authentication bypass vulnerability (CVE-2026-40043) in the runSwitchUser() action. An authenticated, low-privilege attacker can manipulate the client-controlled original_username cookie and request a switch to user ID 1, potentially obtaining session tokens or administra...

PT-2026-32497

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser action that allows authenticated low-privilege users to escalate privileges by manipulating the original username cookie. Attackers can set the client-controlled original username cookie to any value and request a...

Pachno 1.0.6 (runSwitchUser()) Remote Vertical Privilege Escalation

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...