Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N and PR:N reflect a network-reachable endpoint and no attacker privileges; VI:L captures the integrity impact of the credential change on the vulnerable system; UI:A requires active victim interaction (visiting the attacker's page while logged in).
Primary rating from Vendor (CERT-PL).
Description (CVE.org)
KTM System e-BOK is vulnerable to Cross‑Site Request Forgery (CSRF) in both the email-change and password-change functionalities. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged POST request to the application. This allows the attacker to trigger an unauthorized email or password change on behalf of the victim without their knowledge or interaction.
This issue was fixed in the patch published in June 2026.
Analysis (AI)
CSRF flaws in KTM System e-BOK's email-change and password-change endpoints allow any remote, unauthenticated attacker to trigger account credential changes on behalf of an authenticated victim by luring them to a malicious web page. Reported by CERT-PL, the vulnerabilities affect all e-BOK versions prior to the June 2026 patch and carry a CVSS 4.0 score of 5.1 (Medium). …
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires the victim to hold an active, authenticated session in KTM System e-BOK (i.e., be logged in with a valid session cookie) at the moment they visit the attacker's malicious page. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 5.1 (Medium) is grounded in the vector AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N: network-reachable, low complexity, no attacker privileges required, but mandatory user interaction (UI:A), with only low integrity impact to the vulnerable system. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker builds a web page containing a hidden HTML form that auto-submits via JavaScript to the e-BOK password-change endpoint, pre-populating the new password field with an attacker-chosen value. The attacker sends a phishing link to this page targeting known e-BOK users; when an authenticated victim loads the page, their browser silently forwards the active e-BOK session cookie with the forged POST request, the server processes it as legitimate, and the victim's password is changed without any visible prompt, granting the attacker full account access. … |
| Remediation | Apply the patch published by KTM System in June 2026, which resolves the CSRF vulnerabilities in both the email-change and password-change functionalities. … Detailed patch versions, workarounds, and compensating controls in full report. |
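The remediation row names the vendor patch; as an added illustration of the server-side checks that close this class of CSRF on credential-change endpoints (example code written for this page, not KTM System's own; the origin, session store and user are constructed):

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed values for this example; not the real e-BOK deployment.
APP_ORIGIN = "https://ebok.example"
SESSIONS = {}  # session id -> {"csrf": str, "salt": bytes, "pw_hash": bytes}

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def new_session(password):
    """Log a constructed user in: bind a fresh CSRF token and a password hash."""
    sid, salt = secrets.token_urlsafe(32), secrets.token_bytes(16)
    SESSIONS[sid] = {"csrf": secrets.token_urlsafe(32), "salt": salt,
                     "pw_hash": _pw_hash(password, salt)}
    return sid

def csrf_token_for(sid):
    """Token the application embeds in its own email/password-change forms."""
    return SESSIONS[sid]["csrf"]

def _request_origin(headers):
    """Origin header if present, else scheme+host of Referer, else None."""
    if headers.get("Origin"):
        return headers["Origin"].rstrip("/")
    if headers.get("Referer"):
        p = urlsplit(headers["Referer"])
        return f"{p.scheme}://{p.netloc}"
    return None

def validate_credential_change(sid, headers, form):
    """Return (ok, reason) for a POST to an email/password-change endpoint.
    The vulnerable version accepted any POST carrying a valid session cookie;
    here a same-origin check, a per-session synchronizer token (constant-time
    compare) and current-password re-authentication are layered on top."""
    s = SESSIONS.get(sid)
    if s is None:
        return False, "no session"
    if _request_origin(headers) != APP_ORIGIN:
        return False, "cross-site or missing origin"
    if not hmac.compare_digest(form.get("csrf_token", ""), s["csrf"]):
        return False, "csrf token mismatch"
    supplied = _pw_hash(form.get("current_password", ""), s["salt"])
    if not hmac.compare_digest(supplied, s["pw_hash"]):
        return False, "current password wrong"
    return True, "ok"
```

A cross-site POST fails all three layers at once: the browser sends a foreign Origin, the page cannot read the per-session token, and it does not know the current password. Marking the session cookie SameSite=Lax is a useful fourth layer but does not replace the token check.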
Same weakness: CWE-352 – Cross-Site Request Forgery (CSRF)
EUVD-2026-40323
GHSA-w423-2pcr-p665