Is PHP affected by CVE-2026-4968?

Organizations using A vulnerability should be aware of moderate risk from CVE-2026-4968, a cross-site request forgery vulnerability rated CVSS 5.3. Users could be tricked into performing unintended actions. Proof-of-concept code is publicly available.

CVE-2026-4968

EUVD-2026-16740 MEDIUM

2026-03-27 VulDB

5.3

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

PoC Detected

Mar 30, 2026 - 13:26 vuln.today

Public exploit code

Analysis Generated

Mar 27, 2026 - 18:00 vuln.today

EUVD ID Assigned

Mar 27, 2026 - 18:00 euvd

EUVD-2026-16740

CVE Published

Mar 27, 2026 - 17:41 nvd

MEDIUM 5.3

Description

A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

Cross-site request forgery (CSRF) in SourceCodester Diary App 1.0 allows unauthenticated remote attackers to manipulate an unknown function within diary.php, potentially leading to unauthorized state-changing actions. The vulnerability has a moderate CVSS score of 5.3 with user interaction required, and publicly available exploit code exists, though active exploitation status is unconfirmed. …

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Verify anti-CSRF tokens are enforced.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +26

POC: +20

CVE-2026-4968 vulnerability details – vuln.today

Back

CVE-2026-4968

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-4968

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code