Ryan Chan

#50980 of 53,630
4.3 Total CVSS
Vulnerabilities · 1
PT-2026-21568
4.3
2026-02-23
Bludit · Bludit · CVE-2026-27741
**Name of the Vulnerable Software and Affected Versions**

Bludit version 3.16.1

**Description**

The application lacks anti-CSRF tokens or request origin validation for administrative actions. An attacker can trick an authenticated administrator into visiting a malicious page, which silently submits crafted requests. This can lead to unauthorized plugin uninstallation via the `/admin/uninstall-plugin/` endpoint or theme installation via the `/admin/install-theme/` endpoint. Successful exploitation may result in loss of functionality, execution of untrusted code through malicious themes, and compromise of system integrity.

**Recommendations**

Apply updates to address the issue in Bludit version 3.16.1.