Skip to main content

CVE-2026-52100

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-07-14 cve@mitre.org
7.5
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jul 15, 2026 - 15:25 vuln.today
CVSS changed
Jul 15, 2026 - 15:22 NVD
7.5 (HIGH)
CVE Published
Jul 14, 2026 - 21:17 cve.org
HIGH 7.5
CVE Published
Jul 14, 2026 - 21:17 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

Cross Site Request Forgery vulnerability in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to execute arbitrary code via the uploadPutHandler function

AnalysisAI

Arbitrary code execution in andreimarcu linx-server (a self-hosted file/media sharing service) versions 1.0 through 2.3.8 can be triggered by a remote attacker abusing a Cross-Site Request Forgery flaw in the uploadPutHandler function, per NVD and MITRE. Because the upload endpoint lacks anti-CSRF protection, an attacker can forge upload requests that ride an authenticated victim's session to achieve code execution. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: inventory all linx-server instances and determine which are internet-accessible; immediately restrict network access to upload endpoints if publicly exposed. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-52100 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy