CVE-2026-40041

Name of the Vulnerable Software and Affected Versions Pachno version 1.0.6

Description Missing CSRF (Cross-Site Request Forgery) protections on state-changing endpoints allow attackers to perform arbitrary actions within the context of an authenticated user. By crafting malicious requests, attackers can target functions such as login, registration, file upload, milestone editing, and administrative tasks. This can result in forced logouts, unauthorized account creation, modification of user roles, injection of comments, or unauthorized file uploads when an authenticated user visits a website controlled by the attacker.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.