Home / Vulnerability Intelligence / CVE-2026-5791

CVE-2026-5791 - Vulnerability Analysis

CriticalCVSS: 9.6

Last Updated: May 7, 2026

DivvyDrive - Cross Site Request Forgery

Published: May 7, 2026Updated: May 7, 2026Remote Exploitable

Overview

DivvyDrive 4.8.2.9 to <4.8.3.2 contains a cross site request forgery vulnerability caused by lack of proper request validation, letting attackers force authenticated users to perform unintended actions.

Severity & Score

Severity: Critical

CVSS Score: 9.6

Impact

Attackers can trick authenticated users into performing unwanted actions, potentially compromising user data or settings.

Mitigation

Upgrade to version 4.8.3.2 or later.

References

https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0182

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-5791
Severity: Critical
CVSS Score: 9.6
Type: cross_site_request_forgery
Status: rejected

CWE

CWE-352

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H