CVE-2026-31014
CSRF Vulnerability in Dovestones AD Self Update <4.0.0.5 Allows Unauthorized Account Modification
Publication date: 2026-04-21
Last updated on: 2026-04-23
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dovestones | ad_self_update | < 4.0.0.5 (4.0.0.5 itself excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31014 is a Cross-Site Request Forgery (CSRF) vulnerability in Dovestones Software AD SelfUpdate versions prior to 4.0.0.5. It affects an endpoint that updates user account details without requiring CSRF tokens or similar protections.
This endpoint accepts application/x-www-form-urlencoded requests and allows originally POST-based requests to be converted into GET requests while still successfully updating user details.
An attacker can craft a malicious URL or webpage that, when visited by an authenticated user, triggers unauthorized changes to user account information without the user's knowledge or consent.
How can this vulnerability impact me?
Successful exploitation of this vulnerability can lead to unauthorized modifications of user account details, including contact information and profile attributes.
This can disrupt account workflows, compromise the integrity of directory-stored user data, and increase opportunities for social engineering attacks through altered account data.
The attack requires the victim to be authenticated and involves them visiting a malicious URL or webpage crafted by the attacker.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the endpoint /ADSelfUpdate/Home/UpdateADUser for state-changing requests that do not require CSRF tokens or equivalent protections.
Specifically, look for application/x-www-form-urlencoded requests that update user details and check if POST requests are being accepted as GET requests as well.
Commands to detect this may include using an HTTP client such as curl or wget to test the endpoint behavior on your own installation, or inspecting web server logs for suspicious GET or POST requests to the vulnerable endpoint.
- Use curl to test if GET requests can update user details (the -G flag puts the data into the query string, which is what a POST-to-GET conversion produces; -X GET with -d would send it in the body instead): curl -G 'http://target/ADSelfUpdate/Home/UpdateADUser' -d 'user_data=malicious_data' -b 'auth_cookies'
- Inspect web server logs for unexpected GET requests with parameters to /ADSelfUpdate/Home/UpdateADUser.
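The log-inspection step above can be scripted. The following Python is an added example (not part of this record and not vendor tooling) that reads access-log lines in the common "combined" format and flags two things for the /ADSelfUpdate/Home/UpdateADUser endpoint: GET requests that carry query parameters, and POST requests whose Referer is absent or points outside the application's own host. The log lines, the host name selfupdate.example.internal and the parameter names in the query string are constructed for the demonstration.

```python
import re
from urllib.parse import urlparse

ENDPOINT = "/ADSelfUpdate/Home/UpdateADUser"
# Assumption: the self-service portal is served from this host (hypothetical).
TRUSTED_HOSTS = {"selfupdate.example.internal"}

# Apache/NGINX "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample traffic (not real logs); parameter names are hypothetical.
SAMPLE_LOG = """\
10.0.0.5 - jdoe [21/Apr/2026:10:01:12 +0000] "POST /ADSelfUpdate/Home/UpdateADUser HTTP/1.1" 200 512 "https://selfupdate.example.internal/ADSelfUpdate/Home/Edit" "Mozilla/5.0"
10.0.0.5 - jdoe [21/Apr/2026:10:03:44 +0000] "GET /ADSelfUpdate/Home/UpdateADUser?telephoneNumber=%2B15550001111&title=CFO HTTP/1.1" 200 512 "https://evil.example.net/lure.html" "Mozilla/5.0"
10.0.0.7 - asmith [21/Apr/2026:10:05:02 +0000] "POST /ADSelfUpdate/Home/UpdateADUser HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - bwong [21/Apr/2026:10:06:30 +0000] "GET /ADSelfUpdate/Home/Edit HTTP/1.1" 200 2048 "https://selfupdate.example.internal/" "Mozilla/5.0"
"""


def analyze(log_text, endpoint=ENDPOINT, trusted_hosts=TRUSTED_HOSTS):
    """Return (line_no, finding, user, referer_host) tuples for suspicious hits."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real job would count these separately
        url = urlparse(m["target"])
        if url.path != endpoint:
            continue
        referer = m["referer"]
        ref_host = urlparse(referer).hostname if referer != "-" else None
        method = m["method"]
        if method == "GET" and url.query:
            # State-changing parameters arriving on a GET: the POST-to-GET conversion
            # described in the advisory, typically triggered from a foreign page.
            findings.append((line_no, "GET_WITH_PARAMS", m["user"], ref_host))
        elif method == "POST" and ref_host not in trusted_hosts:
            # POST without a same-site Referer: weaker signal, but worth review.
            findings.append((line_no, "POST_UNTRUSTED_REFERER", m["user"], ref_host))
    return findings


if __name__ == "__main__":
    for hit in analyze(SAMPLE_LOG):
        print(hit)
```

Treat the POST finding as a triage lead rather than proof: browsers and privacy extensions strip or trim Referer on legitimate requests, so an empty Referer alone is not an attack, whereas a GET carrying update parameters to this endpoint has no legitimate origin in the unpatched product.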
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Dovestones Software AD SelfUpdate to version 4.0.0.5 or later, which contains fixes for this vulnerability.
Additional defensive measures include implementing CSRF tokens for all state-changing requests, enforcing POST-only behavior for update actions, validating Origin and Referer headers, using SameSite cookie protections, and requiring reauthentication for sensitive account changes.
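The defensive measures listed above (CSRF token, POST-only, Origin/Referer validation, SameSite cookies) are what the vendor fix is expected to provide; the following Python is an added, framework-agnostic example (not the product's code) that shows how those checks combine into one gate in front of a state-changing handler. The origin https://selfupdate.example.internal, the form field name csrf_token and the session-cookie name are assumptions; the token is an HMAC of the session id under a server-side key, so it is bound to the session without being stored.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Assumptions (hypothetical): the portal's origin and a server-side signing key
# that would live in persistent configuration rather than being generated at import.
APP_ORIGIN = "https://selfupdate.example.internal"
SERVER_KEY = secrets.token_bytes(32)
CSRF_FIELD = "csrf_token"


def csrf_token_for(session_id: str) -> str:
    """Per-session anti-forgery token: HMAC-SHA256(server key, session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value that keeps the session cookie off cross-site requests."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def check_state_change(method, headers, form, session_id, app_origin=APP_ORIGIN):
    """Gate for an update endpoint. Returns (allowed, reason)."""
    # 1. POST-only: a GET that carries parameters must never change state.
    if method != "POST":
        return False, "method_not_allowed"

    # 2. Origin check, with Referer as fallback; reject if neither is present.
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer:
            p = urlparse(referer)
            origin = f"{p.scheme}://{p.netloc}"
    if origin != app_origin:
        return False, "bad_origin"

    # 3. Token check in constant time; empty or wrong token fails.
    token = form.get(CSRF_FIELD, "")
    if not hmac.compare_digest(token, csrf_token_for(session_id)):
        return False, "bad_csrf_token"

    return True, "ok"


if __name__ == "__main__":
    sid = "sess-123"
    good = {"Origin": APP_ORIGIN}
    print(check_state_change("GET", good, {"telephoneNumber": "x"}, sid))
    print(check_state_change("POST", {"Origin": "https://evil.example.net"},
                             {CSRF_FIELD: csrf_token_for(sid)}, sid))
    print(check_state_change("POST", good, {CSRF_FIELD: csrf_token_for(sid)}, sid))
    print(session_cookie_header(sid))
```

Rejecting requests that carry neither Origin nor Referer is the strict choice; it blocks a CSRF vector that relies on stripped headers but may also reject some privacy-hardened browsers, which is why the token check remains the primary control and the header check a second layer. SameSite=Lax stops the cookie from riding along on cross-site POSTs and on top-level GET navigations initiated by form submission, but not on top-level link navigations, so it does not by itself close the POST-to-GET variant this CVE describes.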
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows unauthorized modification of user account information without the user's consent, which can lead to loss of integrity of directory-stored user data and increased opportunities for social engineering.
Such unauthorized changes and potential data integrity issues could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal data and ensuring data integrity and user consent.
However, the provided information does not explicitly mention compliance impacts or regulatory considerations.