CVE-2026-1468

UNKNOWN 0.0

Cross-Site Request Forgery in QuickCMS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with victim's privileges. This software does not implement any protection against this type of attack. All forms available in this software are potentially vulnerable. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

CWE	CWE-352
Vendor	opensolution
Product	quickcms
Published	Mar 6, 2026
Last Updated	Mar 9, 2026

Stay Ahead of the Next One

Get instant alerts for opensolution quickcms

Be the first to know when new unknown vulnerabilities affecting opensolution quickcms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

OpenSolution / QuickCMS

6.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/posts/2026/03/CVE-2026-1468 opensolution.org: https://opensolution.org/cms-system-quick-cms.html

Credits

Michał Biesiada