Home / Vulnerability Intelligence / CVE-2026-27841

CVE-2026-27841 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: April 24, 2026

SenseLive X3050 - Cross-Site Request Forgery

Published: April 24, 2026Updated: April 24, 2026Remote Exploitable

Overview

SenseLive X3050 contains a cross-site request forgery caused by lack of server-side validation and CSRF tokens in the web management interface, letting attackers trigger unauthorized state-changing operations via a malicious webpage, exploit requires user interaction.

Severity & Score

Severity: High

CVSS Score: 8.1

Impact

Attackers can cause users to submit unauthorized configuration requests, potentially altering device settings without consent.

Mitigation

Implement server-side validation of request origin and CSRF tokens in the web management interface.

References

Related Resources

Details

CVE ID: CVE-2026-27841
Severity: High
CVSS Score: 8.1
Type: cross_site_request_forgery
Status: new

CWE

CWE-352

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H