CVE-2026-55742
Received Received - Intake
Cross-Site Request Forgery in Cotonti Admin Rights Handler

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: 309f9ea4-e3e9-4c6c-b79d-e8eb01244f2c

Description
Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the administration rights handler. In system/admin/admin.rights.php, the rights update action ('a=update') modifies group access rights (including via cot_auth_add_group) without calling cot_check_xg() to validate the anti-CSRF token. A remote attacker who lures an authenticated administrator into visiting a malicious page can force the browser to submit a forged request that grants elevated permissions to an attacker-controlled group, escalating privileges to administrator. Because Cotonti administrators can modify templates and configuration, this can be further leveraged toward remote code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-18
Last Modified
2026-06-18
Generated
2026-06-18
AI Q&A
2026-06-18
EPSS Evaluated
N/A
NVD
CVE-2026-55742
EUVD
EUVD-2026-37854
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cotonti cotonti 1.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-55742 is a Cross-Site Request Forgery (CSRF) vulnerability in Cotonti 1.0.0's administration rights handler. Specifically, the rights update action in system/admin/admin.rights.php modifies group access rights without validating an anti-CSRF token. This allows a remote attacker to trick an authenticated administrator into visiting a malicious page that submits a forged request, granting elevated permissions to an attacker-controlled group and escalating privileges to administrator level.

Because administrators can modify templates and configuration, this privilege escalation can be further exploited to achieve remote code execution. The vulnerability stems from insufficient input validation and sanitization in the rights update process, including parameters like 'ncoprightsfrom' and 'items', and the lack of proper checks on locked elements that should not be modified.

Impact Analysis

This vulnerability can have severe impacts including unauthorized privilege escalation where an attacker gains administrator-level access. With these elevated rights, the attacker can modify templates and configurations, potentially leading to remote code execution on the affected system.

Such unauthorized access can compromise the integrity, confidentiality, and availability of the system, allowing attackers to control sensitive data, disrupt services, or implant malicious code.

Detection Guidance

This vulnerability can be detected by inspecting the administration rights update requests, specifically looking for the absence of anti-CSRF token validation in requests to system/admin/admin.rights.php with the action parameter 'a=update'. Monitoring for unusual or unauthorized changes to group access rights, especially involving the 'ncoprightsfrom' and 'items' parameters, can indicate exploitation attempts.

Since the vulnerability involves missing CSRF token checks, you can detect suspicious activity by capturing and analyzing HTTP requests to the admin.rights.php endpoint and verifying whether the requests include valid CSRF tokens.

Suggested commands to detect potential exploitation attempts include using network traffic analysis tools like tcpdump or Wireshark to filter HTTP POST requests to the vulnerable endpoint, for example:

  • tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'admin.rights.php?a=update'
  • Using curl or similar tools to manually test the presence or absence of CSRF tokens in requests to the rights update action.

Additionally, reviewing server logs for unexpected changes in group permissions or administrative actions without corresponding valid CSRF tokens can help detect exploitation.

Mitigation Strategies

Immediate mitigation steps include restricting access to the administration panel to trusted IP addresses and users to reduce the risk of unauthorized exploitation.

Ensure that all administrative actions, especially those modifying group permissions, require valid anti-CSRF tokens by applying patches or updates that add proper validation calls such as cot_check_xg() in the rights update process.

If a patch is not yet available, consider temporarily disabling or restricting the rights update functionality to prevent unauthorized privilege escalation.

Educate administrators to avoid clicking on suspicious links or visiting untrusted websites while authenticated to the administration panel, as the vulnerability relies on tricking an authenticated admin into submitting a forged request.

Compliance Impact

The vulnerability allows an attacker to escalate privileges to administrator level by exploiting a Cross-Site Request Forgery (CSRF) flaw in the Cotonti CMS administration rights handler. This unauthorized privilege escalation can lead to unauthorized access and modification of sensitive data and system configurations.

Such unauthorized access and potential data compromise can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive personal and health information, as well as ensuring data integrity and confidentiality.

Because the vulnerability can be leveraged toward remote code execution, it increases the risk of data breaches and unauthorized data manipulation, further threatening regulatory compliance.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-55742. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart