Which versions of Precurio Intranet Portal are affected by CVE-2026-32989?

Precurio Intranet Portal 4.4 has a critical vulnerability allowing attackers to trick employees into uploading malicious files that execute on our web servers.

Is there a public PoC exploit available for CVE-2026-32989?

Yes, a public proof-of-concept exploit is available for CVE-2026-32989. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2026-32989?

Within 24 hours: Inventory all systems running Precurio 4.4 and assess business criticality; notify affected business units of the risk. Within 7 days: Implement compensating controls (WAF rules blocking suspicious file uploads, disable file upload features if non-critical, restrict portal access via network segmentation). Within 30 days: Contact Precurio for patch availability; evaluate alternative intranet solutions if patch timeline is unacceptable; conduct audit of recent file uploads for indicators of compromise.

Precurio Intranet Portal CVE-2026-32989

Q: What is the CVSS score of CVE-2026-32989?

CVE-2026-32989 has a CVSS 4.0 base score of 8.6 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-13725 HIGH

Cross-Site Request Forgery (CSRF) (CWE-352)

2026-03-20 VulnCheck

CSRF RCE Precurio Intranet Portal

8.6

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

8.6 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Re-analysis Queued

Apr 16, 2026 - 14:37 vuln.today

cvss_changed

PoC Detected

Apr 01, 2026 - 15:23 vuln.today

Public exploit code

EUVD ID Assigned

Mar 20, 2026 - 16:15 euvd

EUVD-2026-13725

Analysis Generated

Mar 20, 2026 - 16:15 vuln.today

CVE Published

Mar 20, 2026 - 15:50 nvd

HIGH 8.6

DescriptionCVE.org

Precurio Intranet Portal 4.4 contains a cross-site request forgery (CSRF) weakness that can allow an attacker to induce an authenticated user to submit a crafted request to a profile update endpoint that handles file uploads. If the application stores attacker-controlled content as an executable server-side file (e.g., in a web-accessible location with an executable extension), this can lead to arbitrary code execution in the context of the web server.

AnalysisAI

Precurio Intranet Portal 4.4 contains a CSRF vulnerability that allows attackers to trick authenticated users into uploading malicious files to the server, potentially leading to remote code execution with web server privileges. A public exploit is available via PacketStorm (file ID 215644), significantly lowering the barrier for exploitation. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Craft malicious request targeting profile endpoint

Exploit

Trick authenticated user into submitting request

Execution

Upload executable file to web-accessible location

Impact

Execute arbitrary code as web server