Which versions of Note Taking App are affected by CVE-2026-4971?

Organizations using SourceCodester Note Taking App should be aware of moderate risk from CVE-2026-4971, a cross-site request forgery vulnerability rated CVSS 5.3.

Is there a public PoC exploit available for CVE-2026-4971?

Yes, a public proof-of-concept exploit is available for CVE-2026-4971. Prioritise patching immediately. EPSS: 0.0%.

Note Taking App CVE-2026-4971

Q: What is the CVSS score of CVE-2026-4971?

CVE-2026-4971 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-16803 LOW

Cross-Site Request Forgery (CSRF) (CWE-352)

2026-03-27 VulDB

CSRF Note Taking App

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Mar 30, 2026 - 13:26 vuln.today

Public exploit code

EUVD ID Assigned

Mar 27, 2026 - 19:30 euvd

EUVD-2026-16803

Analysis Generated

Mar 27, 2026 - 19:30 vuln.today

CVE Published

Mar 27, 2026 - 19:15 nvd

MEDIUM 5.3

DescriptionCVE.org

A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. If you want to get best quality of vulnerability data, you may have to visit VulDB.

AnalysisAI

Cross-site request forgery (CSRF) in SourceCodester Note Taking App up to version 1.0 allows remote attackers to perform unauthorized actions via crafted requests, exploiting lack of CSRF token validation. The vulnerability requires user interaction (clicking a malicious link) but carries no authentication barrier. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS score of 4.3 reflects limited direct impact (integrity impact only, no confidentiality or availability loss), making this a low-to-moderate severity rating. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker sends a phishing email to users of SourceCodester Note Taking App containing a link to a malicious website. When a victim (already logged into the Note Taking App) visits the attacker's page, JavaScript or a hidden form automatically submits a request to the Note Taking App-for example, deleting all notes or changing account settings-using the victim's active session. …
Remediation	Upgrade to a patched version of SourceCodester Note Taking App beyond 1.0 if available from the vendor. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 30 days: Identify affected systems running SourceCodester Note Taking App and apply vendor patches as part of regular patch cycle. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-4971 vulnerability details – vuln.today

Back