What is the CVSS score of CVE-2026-44347?

CVE-2026-44347 has a CVSS 3.1 base score of 5.8 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N. EPSS exploitation probability: 0.0%.

Warpgate CVE-2026-44347

MEDIUM

Cross-Site Request Forgery (CSRF) (CWE-352)

2026-05-12 security-advisories@github.com

Information Disclosure CSRF

5.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Lifecycle Timeline

CVE Published

May 12, 2026 - 23:16 nvd

MEDIUM 5.8

DescriptionNVD

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on the attacker's account (such as writing sensitive data to the attacker's SSH target, or logging into an HTTP target that the attacker set up). This vulnerability is fixed in 0.23.3.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-44347 vulnerability details – vuln.today

Back