PT-2026-33986 · Dovestones Softwares · Ad Self Update
Published: 2026-04-21 · Updated: 2026-04-21 · CVE-2026-31014
CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Dovestones Softwares AD Self Update versions prior to 4.0.0.5
Description
Cross-Site Request Forgery (CSRF) occurs when an endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and a POST-based request can be converted to a GET request that still successfully updates user details. This allows an attacker to craft a malicious request that, when visited by an authenticated user, modifies that user's account information without their consent.
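The server-side checks whose absence the description points to, as an added example (not Dovestones code and not the actual change made in 4.0.0.5). The origin, the `csrf_token` field name, the function names and the sample requests are assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed deployment origin (placeholder, not taken from the advisory).
TRUSTED_ORIGIN = "https://selfupdate.example.test"


def new_csrf_token():
    """Random per-session token, kept server-side and embedded in the form."""
    return secrets.token_urlsafe(32)


def check_state_change(method, headers, form, session_token):
    """Return (allowed, reason) for a request that would modify user details."""
    # 1. State changes are POST-only, so the GET-converted variant described in
    #    the advisory is refused before any parameter is processed.
    if method.upper() != "POST":
        return False, "method not allowed"
    # 2. Browsers send Origin (or Referer) on cross-site form posts; anything
    #    that is not our own origin, or is missing, is refused.
    parts = urlsplit(headers.get("Origin") or headers.get("Referer", ""))
    if f"{parts.scheme}://{parts.netloc}" != TRUSTED_ORIGIN:
        return False, "cross-origin request"
    # 3. The form must carry the session's token; compare in constant time.
    supplied = form.get("csrf_token", "")
    if not session_token or not hmac.compare_digest(
            supplied.encode(), session_token.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def demo():
    """Run the check over constructed sample requests (not captured traffic)."""
    token = new_csrf_token()
    foreign = {"Origin": "https://other-site.example.test"}
    own = {"Origin": TRUSTED_ORIGIN}
    samples = {
        "GET-converted update": ("GET", foreign, {"mobile": "000"}),
        "cross-site POST": ("POST", foreign, {"mobile": "000"}),
        "same-origin POST, no token": ("POST", own, {"mobile": "000"}),
        "legitimate POST": ("POST", own, {"mobile": "000", "csrf_token": token}),
    }
    return {name: check_state_change(m, h, f, token)
            for name, (m, h, f) in samples.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```
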
Recommendations
Update to version 4.0.0.5.
Fix
CSRF
Affected Products
Ad Self Update