CSRF in Masacms
CVE-2026-40174
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management operations. An attacker can induce a lo…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.000 (7.4th percentile) — read the EPSS interpretation.
Affected products
- Masacms — versions < 7.2.10, >= 7.3.0, < 7.3.15, >= 7.4.0, < 7.4.10
Weakness classification (CWE)
References
- https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-572m-p246-4356 (x_refsource_CONFIRM)