Vulnerability in Monicahq Monica
CVE-2026-26747
A Host Header Poisoning vulnerability exists in Monica 4.1.2 due to improper handling of the HTTP Host header in app/Providers/AppServiceProvider.php, combined with the default misconfiguration where the "app.force_url" is not set and defa…
EPSS: 0.004 (30.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Monicahq Monica — versions 4.1.2
- N/a — versions n/a
Weakness classification (CWE)
References
- cve@mitre.org (Product)
- cve@mitre.org (Exploit, Vendor Advisory)
Frequently asked questions
- What is CVE-2026-26747?
- CVE-2026-26747 is a critical-severity vulnerability in Monicahq Monica, classified under Improper Neutralization of HTTP Headers for Scripting Syntax. CVSS score: 9.1/10. Published 2026-02-20.
- How severe is CVE-2026-26747?
- Critical severity. CVSS v3 base score is 9.1 out of 10.