What is the CVSS score of CVE-2026-31014?

CVE-2026-31014 has a CVSS 3.1 base score of 6.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L. EPSS exploitation probability: 0.0%.

Is there a public PoC exploit available for CVE-2026-31014?

Yes, a public proof-of-concept exploit is available for CVE-2026-31014. Prioritise patching immediately. EPSS: 0.0%.

Dovestones AD Self Update CVE-2026-31014

EUVD-2026-24133 MEDIUM

Cross-Site Request Forgery (CSRF) (CWE-352)

2026-04-21 mitre

GHSA-4mrw-82h5-p7hx

CSRF

6.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Lifecycle Timeline

PoC Detected

Apr 23, 2026 - 16:21 vuln.today

Public exploit code

Analysis Generated

Apr 21, 2026 - 19:23 vuln.today

CVSS changed

Apr 21, 2026 - 19:22 NVD

6.3 (None) 6.3 (MEDIUM)

EUVD ID Assigned

Apr 21, 2026 - 15:00 euvd

EUVD-2026-24133

Analysis Generated

Apr 21, 2026 - 15:00 vuln.today

CVE Published

Apr 21, 2026 - 00:00 nvd

MEDIUM 6.3

DescriptionNVD

Dovestones Softwares AD Self Update <4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally POST-based request can be converted to a GET request while still successfully updating user details. This allows an attacker to craft a malicious request that, when visited by an authenticated user, can modify user account information without their consent.

AnalysisAI

Cross-site request forgery (CSRF) in Dovestones AD Self Update versions before 4.0.0.5 allows unauthenticated attackers to modify authenticated user account information by crafting malicious requests that exploit missing CSRF token validation. The vulnerability affects state-changing endpoints that accept both POST and GET requests without proper anti-CSRF protections, enabling account takeover when a victim visits a malicious page while logged in. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-31014 vulnerability details – vuln.today

Back