Home / Vulnerability Intelligence / CVE-2026-32989

CVE-2026-32989 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 20, 2026

Precurio Intranet Portal - Cross-Site Request Forgery

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Precurio Intranet Portal 4.4 contains a cross-site request forgery caused by lack of proper request validation in profile update file upload endpoint, letting attackers induce authenticated users to execute arbitrary code, exploit requires user authentication.

Severity & Score

Severity: High

CVSS Score: 8.8

Impact

Attackers can execute arbitrary code on the web server by tricking authenticated users to submit crafted requests.

Mitigation

Update to the latest version with CSRF protections and secure file upload handling.

References

https://www.packetstorm.news/files/id/215644/
https://www.precurio.com

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-32989
Severity: High
CVSS Score: 8.8
Type: cross_site_request_forgery
Status: new

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H