CVE-2026-48290 - CERT CVE
ID CVE-2026-48290
Sažetak CAI Content Credentials is affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed.
Reference
CVSS
Base: 8.2
Impact: 5.8
Exploitability:1.8
Pristup
VektorSloženostAutentikacija
LOCAL LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH HIGH NONE
CVSS vektor CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Zadnje važnije ažuriranje 16-07-2026 - 19:03
Objavljeno 14-07-2026 - 22:17