
KTM System e-BOK CVE-2026-35096

EUVD: EUVD-2026-40323 · MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-06-30 CERT-PL GHSA-w423-2pcr-p665
5.1 MEDIUM · CVSS 4.0 · Vendor: CERT-PL

Severity by source

Vendor (CERT-PL) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.5 MEDIUM

AV:N and PR:N reflect a network-reachable endpoint and no attacker privileges; I:H captures full account takeover via a credential change; UI:R reflects the required victim interaction. The vendor's vector rates the integrity impact as VI:L rather than VI:H, which is why the primary score is 5.1 and this estimate is higher.

3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (CERT-PL).

CVSS Vector (Vendor: CERT-PL)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Attack Requirements
None
Privileges Required
None
User Interaction
Active
Vulnerable System Impact
Confidentiality None, Integrity Low, Availability None
Subsequent System Impact
None (CVSS 4.0 has no Scope metric; the threat and environmental metrics are not defined)

Lifecycle Timeline

Patch available
Jun 30, 2026 - 15:01 (EUVD)
Analysis generated
Jun 30, 2026 - 14:31 (vuln.today)

Description (CVE.org)

KTM System e-BOK is vulnerable to Cross‑Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the attacker to trigger an unauthorized email or password change on behalf of the victim without their knowledge or interaction.

This issue was fixed in the patch published in June 2026.

Analysis (AI)

CSRF flaws in KTM System e-BOK's email-change and password-change endpoints allow any remote, unauthenticated attacker to trigger account credential changes on behalf of an authenticated victim by luring them to a malicious web page. Reported by CERT-PL, the vulnerabilities affect all e-BOK versions prior to the June 2026 patch and carry a CVSS 4.0 score of 5.1 (Medium). …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon
Identify an authenticated e-BOK user as the target
Delivery
Send the victim a phishing link to an attacker-controlled page containing a hidden, auto-submitting forged POST form
Exploit
The victim loads the page while logged into e-BOK; the browser submits the form to e-BOK and attaches the victim's session cookie to the cross-site POST
Execute
The server accepts the request and changes the victim's email or password
Impact
The attacker accesses the account with the new credentials

There is no install or command-and-control stage: the whole chain is a single forged request, and no attacker code runs on the victim's machine beyond the page that submits the form.

Vulnerability Assessment (AI)

Exploitation
Exploitation requires the victim to hold an active, authenticated session in KTM System e-BOK (i.e., be logged in with a valid session cookie) at the moment they visit the attacker's malicious page. The browser must also attach that cookie to a cross-site POST; a session cookie marked SameSite=Lax or SameSite=Strict is not sent with such a request by current browsers, so the cookie's attributes are a limiting factor worth checking. …

Risk Assessment
The CVSS 4.0 score of 5.1 (Medium) is grounded in the vector AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N: network-reachable, low complexity, no attacker privileges required, but mandatory user interaction (UI:A), with only low integrity impact to the vulnerable system. …

Exploit Scenario
An attacker builds a web page containing a hidden HTML form that auto-submits via JavaScript to the e-BOK password-change endpoint, pre-populating the new password field with an attacker-chosen value. The attacker sends a phishing link to this page to known e-BOK users; when an authenticated victim loads the page, their browser silently forwards the active e-BOK session cookie with the forged POST request, the server processes it as legitimate, and the victim's password is changed without any visible prompt, granting the attacker full account access. …

Remediation
Apply the patch published by KTM System in June 2026, which resolves the CSRF vulnerabilities in both the email-change and password-change functionalities. …
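As an added example (not KTM System's code and not the June 2026 patch), the following Python models the forged request from the exploit scenario above, the handler pattern that accepts it, and the same handler with the controls a practitioner would verify during remediation: Origin/Referer validation, a session-bound synchronizer token compared in constant time, and re-authentication with the current password before any credential change. The endpoint path, cookie name, origins and account data are hypothetical. The `cookie_attached` helper captures the exploitation caveat above: a session cookie set SameSite=Lax or Strict is not sent with a cross-site form POST, so the forged request then arrives unauthenticated.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from urllib.parse import urlsplit

APP_ORIGIN = "https://ebok.example"   # hypothetical origin of the application
SECRET_KEY = secrets.token_bytes(32)  # server-side key that binds tokens to sessions


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    cookies: dict
    form: dict


def sample_sessions() -> dict:
    """Constructed server state: session id -> account record (hypothetical)."""
    return {"s3ss10n": {"user": "alice", "password": "correct horse"}}


def csrf_token_for(session_id: str) -> str:
    """Synchronizer token: an HMAC of the session id, unguessable and useless
    for any other session."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(url: str) -> bool:
    """True when scheme, host and port of url match APP_ORIGIN."""
    u, a = urlsplit(url), urlsplit(APP_ORIGIN)
    return (u.scheme, u.hostname, u.port) == (a.scheme, a.hostname, a.port)


def change_password_vulnerable(req: Request, sessions: dict) -> tuple[int, str]:
    """The pattern behind the advisory: any POST carrying a valid session cookie
    is acted on, no matter which site made the browser send it."""
    sess = sessions.get(req.cookies.get("session", ""))
    if req.method != "POST" or sess is None:
        return 401, "not authenticated"
    sess["password"] = req.form["new_password"]
    return 200, "password changed"


def change_password_hardened(req: Request, sessions: dict) -> tuple[int, str]:
    sid = req.cookies.get("session", "")
    sess = sessions.get(sid)
    if req.method != "POST" or sess is None:
        return 401, "not authenticated"
    # 1. Origin (Referer as fallback) must be the application's own origin; a
    #    cross-site form POST carries the attacker's Origin, and a request with
    #    neither header is refused rather than trusted.
    if not same_origin(req.headers.get("Origin") or req.headers.get("Referer") or ""):
        return 403, "cross-origin request refused"
    # 2. The per-session token must be in the form body; the attacker's page
    #    cannot read it, so a forged request never has it. Constant-time compare.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), csrf_token_for(sid)):
        return 403, "missing or invalid CSRF token"
    # 3. Credential changes re-authenticate with the current password, which a
    #    forged request cannot supply even if a token ever leaked.
    if req.form.get("current_password") != sess["password"]:
        return 403, "current password incorrect"
    sess["password"] = req.form["new_password"]
    return 200, "password changed"


def cookie_attached(samesite: str, cross_site: bool, method: str, top_level: bool) -> bool:
    """Browser rule for sending a cookie with the given SameSite value: Strict is
    never sent cross-site, Lax only on top-level GET/HEAD navigations, None always."""
    if not cross_site:
        return True
    if samesite == "Strict":
        return False
    if samesite == "Lax":
        return top_level and method in ("GET", "HEAD")
    return True


def forged_request() -> Request:
    """What the hidden auto-submitting form on the attacker's page produces: the
    browser adds the victim's cookie, the attacker controls only the body."""
    return Request("POST", "/account/password",
                   headers={"Origin": "https://attacker.example"},
                   cookies={"session": "s3ss10n"},
                   form={"new_password": "attacker-chosen"})


def legitimate_request(current: str, new: str) -> Request:
    """The same POST issued from the application's own change-password page."""
    return Request("POST", "/account/password",
                   headers={"Origin": APP_ORIGIN},
                   cookies={"session": "s3ss10n"},
                   form={"csrf_token": csrf_token_for("s3ss10n"),
                         "current_password": current, "new_password": new})


if __name__ == "__main__":
    s = sample_sessions()
    print(change_password_vulnerable(forged_request(), s), s["s3ss10n"]["password"])
    s = sample_sessions()
    print(change_password_hardened(forged_request(), s), s["s3ss10n"]["password"])
    # A SameSite=Lax session cookie is not even sent with the forged POST.
    print(cookie_attached("Lax", cross_site=True, method="POST", top_level=True))
```

The three checks are deliberately layered: the Origin check alone fails open when a proxy strips the header, the token alone does not help if the session is hijacked by other means, and the current-password requirement is what makes a forged credential change impossible even when the first two are misconfigured. Email-change endpoints need the same treatment, since a changed email is the usual first step of a password reset takeover.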
