PT-2026-32493 · Pachno · Pachno
Published
2026-04-13
·
Updated
2026-04-14
·
CVE-2026-40039
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Pachno version 1.0.6
Description
An open redirection issue allows attackers to redirect users to arbitrary external websites by manipulating the
return to parameter. This can be achieved by crafting malicious login URLs with unvalidated return to values to conduct phishing attacks and steal user credentials.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pachno