๐Ÿ” CVE Alert

CVE-2026-22194

UNKNOWN 0.0

GestSup <= 3.2.56 CSRF Allows Privileged Actions

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce a logged-in user to submit crafted requests that perform actions with the victim's privileges. This can be exploited to create privileged accounts by targeting the administrative user creation endpoint.

CWE CWE-352
Vendor gestsup
Product gestsup
Published Jan 9, 2026
Last Updated Mar 5, 2026

Affected Versions

GestSup / GestSup
0 ≤ 3.2.60

References

gestsup.fr: https://gestsup.fr/index.php?page=changelog
vulncheck.com: https://www.vulncheck.com/advisories/gestsup-csrf-allows-privileged-actions

Credits

Geoffrey Robert and Valentin Holubec of Akailabs VulnCheck