CVE-2026-22194
Published: Jan 9, 2026
Modified: May 25, 2026
PUBLISHED
Description
GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce a logged-in user to submit crafted requests that perform actions with the victim's privileges. This can be exploited to create privileged accounts by targeting the administrative user creation endpoint.
| Vendor | Product | Versions |
|---|---|---|
| GestSup | GestSup | affected 0 - <= 3.2.60 |
Weaknesses (CWE)
References
https://gestsup.fr/index.php?page=changelog (release-notes)
https://www.vulncheck.com/advisories/gestsup-csrf-allows-privileged-actions (third-party-advisory)