What is CVE-2026-40162?

CVE-2026-40162 is a high-severity vulnerability in Bugsink, classified under Improper Input Validation. CVSS score: 7.1/10. Published 2026-04-10.

How severe is CVE-2026-40162?

High severity. CVSS v3 base score is 7.1 out of 10.

Improper input validation in Bugsink

CVE-2026-40162

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.001 (34.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L.

Affected products

Bugsink — versions >= 2.1.0, < 2.1.1

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

https://github.com/bugsink/bugsink/security/advisories/GHSA-8hw4-fhww-273g (x_refsource_CONFIRM)
https://github.com/bugsink/bugsink/releases/tag/2.1.1 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-40162?: CVE-2026-40162 is a high-severity vulnerability in Bugsink, classified under Improper Input Validation. CVSS score: 7.1/10. Published 2026-04-10.
How severe is CVE-2026-40162?: High severity. CVSS v3 base score is 7.1 out of 10.