CVE-2026-22194
BaseFortify
Publication date: 2026-01-09
Last updated on: 2026-01-09
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gestsup | gestsup | From 3.2.45 (inc) to 3.2.56 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-22194 is a Cross-Site Request Forgery (CSRF) vulnerability in GestSup versions up to and including 3.2.56. The application does not verify the authenticity of client requests, allowing an attacker to trick a logged-in user into submitting malicious requests that execute actions with the victim's privileges. This can be exploited to create privileged accounts by targeting the administrative user creation endpoint. [2]
How can this vulnerability impact me?
This vulnerability can allow an attacker to perform privileged actions on behalf of a logged-in user without their consent, including creating privileged accounts. This can lead to unauthorized access, potential data breaches, and compromise of system integrity and availability. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this CSRF vulnerability involves monitoring for unauthorized or suspicious requests to the administrative user creation endpoint, especially those that could create privileged accounts without proper authentication. Since exploitation requires a logged-in user to be tricked into submitting a crafted request, network detection can focus on unusual POST requests to the admin user creation URL. Specific commands depend on your environment, but web server access logs and network traffic analysis tools are the usual starting points. For example, grep the server logs for POST requests to the user creation endpoint: `grep 'POST /admin/user/create' /var/log/apache2/access.log`, or use Wireshark or tcpdump to capture HTTP traffic and filter for suspicious requests. Additionally, checking for unexpected new privileged accounts in the GestSup application can indicate exploitation attempts. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading GestSup to version 3.2.45 or later, as these versions contain security updates that address CVE-2026-22194. Additionally, enabling and enforcing multi-factor authentication (MFA) for all users, especially administrators, can reduce risk. Implementing proper CSRF protections such as verifying authenticity tokens on client requests and monitoring administrative endpoints for suspicious activity are also recommended. Restricting access to the administrative user creation endpoint and educating users to avoid clicking on untrusted links can help prevent exploitation. [1, 2]