CSRF in Opensolution Quickcms

CVE-2026-1468

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with victim's privileges. This software does no…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.000 (1.0th percentile) — read the EPSS interpretation.

Affected products

Opensolution Quickcms — versions 6.8

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

cert.pl/posts/2026/03/CVE-2026-1468 (third-party-advisory)
opensolution.org/cms-system-quick-cms.html (product)