What is CVE-2026-40041?

CVE-2026-40041 is a medium-severity vulnerability in Pachno, classified under Cross-Site Request Forgery (CSRF). CVSS score: 4.3/10. Published 2026-04-13.

How severe is CVE-2026-40041?

Medium severity. CVSS v3 base score is 4.3 out of 10.

CSRF in Pachno

CVE-2026-40041

Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malic…

Vulnerability class: CSRF (Cross-Site Request Forgery)

EPSS: 0.000 (5.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N.

Affected products

Pachno — versions 1.0.6
Pancho Pachno — versions 1.0.6

Weakness classification (CWE)

CWE-352 — Cross-Site Request Forgery (CSRF)

References

Zero Science Lab Disclosure (third-party-advisory)
VulnCheck Advisory: Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints (third-party-advisory)

Frequently asked questions

What is CVE-2026-40041?: CVE-2026-40041 is a medium-severity vulnerability in Pachno, classified under Cross-Site Request Forgery (CSRF). CVSS score: 4.3/10. Published 2026-04-13.
How severe is CVE-2026-40041?: Medium severity. CVSS v3 base score is 4.3 out of 10.