CVE-2026-40043

MEDIUM 6.5

Pachno 1.0.6 Authentication Bypass via runSwitchUser()

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges by manipulating the original_username cookie. Attackers can set the client-controlled original_username cookie to any value and request a switch to user ID 1 to obtain session tokens or password hashes belonging to administrator accounts.

CWE	CWE-639
Vendor	pancho
Product	pachno
Published	Apr 13, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for pancho pachno

Be the first to know when new medium vulnerabilities affecting pancho pachno are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

pancho / Pachno

1.0.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5985.php vulncheck.com: https://www.vulncheck.com/advisories/pachno-authentication-bypass-via-runswitchuser zeroscience.mk: https://www.zeroscience.mk/#/advisories/ZSL-2026-5985

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab