CVE-2026-28281 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderato…
High CVSS: 7.1

CVE-2026-28281

InstantCMS is a free and open source content management system. Prior to 2.18.1, InstantCMS does not validate CSRF tokens, which allows attackers grant moderator privileges to users, execute scheduled tasks, move posts to trash, and accept friend requests on behalf of the user. This vulnerability is fixed in 2.18.1.
Vendor
Instantcms
Product
Instantcms
CWE
CWE-352
Yayın Tarihi
2026-03-10 17:38:39
Güncelleme
2026-03-13 16:19:38
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-352 Instantcms HIGH Instantcms 2026

Referanslar

https://github.com/instantsoft/icms2/security/advisories/GHSA-pp43-262q-h73m