PT-2026-26628 · Unknown · Precurio Intranet Portal
Indoushka · Published 2026-03-20 · Updated 2026-03-22
CVE-2026-32989
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Precurio Intranet Portal version 4.4
Description
Precurio Intranet Portal 4.4 contains a cross-site request forgery (CSRF) condition. Attackers can leverage this to compel authenticated users to submit malicious requests to a profile update endpoint that manages file uploads. Successful exploitation allows attackers to upload executable files to publicly accessible locations, potentially resulting in arbitrary code execution on the web server. The vulnerable endpoint handles file uploads during profile updates and is susceptible to crafted requests.
Recommendations
Precurio Intranet Portal version 4.4: Implement same-site cookies and rotating tokens to prevent cross-site request forgery attacks.
Exploit
Fix
Unrestricted File Upload
CSRF
Affected Products
Precurio Intranet Portal