Home / Vulnerability Intelligence / CVE-2026-32989

CVE-2026-32989 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 20, 2026

Precurio Intranet Portal - Cross-Site Request Forgery

Published: March 20, 2026Updated: March 20, 2026Remote Exploitable

Overview

Precurio Intranet Portal 4.4 contains a cross-site request forgery caused by lack of proper request validation in profile update file upload endpoint, letting attackers induce authenticated users to execute arbitrary code, exploit requires user authentication.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 4.7%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary code on the web server by tricking authenticated users to submit crafted requests.

Mitigation

Update to the latest version with CSRF protections and secure file upload handling.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 20, 2026

🟠 CVE-2026-32989 - High (8.8) Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to uploa... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32989/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-32989
Severity: High
CVSS Score: 8.8
Type: cross_site_request_forgery
Status: new
EPSS: 4.7%
Social Posts: 1

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

4.7%Probability of exploitation in the next 30 days