
DivvyDrive CVE-2026-5791

EUVD-2026-28359 | MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2026-05-07 TR-CERT GHSA-r92j-v37g-pjf9
CVSS 3.1: 6.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None

Lifecycle Timeline (5 events)

Severity Changed: May 10, 2026 - 16:22 (NVD), CRITICAL to MEDIUM
CVSS changed: May 10, 2026 - 16:22 (NVD), 9.6 (CRITICAL) to 6.5 (MEDIUM)
Patch available: May 07, 2026 - 14:01 (EUVD)
Analysis Generated: May 07, 2026 - 13:30 (vuln.today)
CVE Published: May 07, 2026 - 12:40 (nvd), CRITICAL 9.6

Description (NVD)

Cross-Site Request Forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Request Forgery.

This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2.

Analysis (AI)

Cross-Site Request Forgery in DivvyDrive 4.8.2.9 through 4.8.3.1 allows remote attackers to execute unauthorized actions with high integrity and confidentiality impact when authenticated users interact with malicious content. The CVSS 9.6 (Critical) score reflects scope change and full CIA triad compromise, though EPSS data and KEV status are unavailable. …


Remediation (AI)

Within 24 hours: inventory all DivvyDrive deployments and identify instances running versions 4.8.2.9-4.8.3.1; restrict access to affected systems to internal networks only and disable external sharing features if available. Within 7 days: contact the DivvyDrive vendor for a patch timeline and interim mitigations; implement mandatory reauthentication for sensitive operations and deploy SameSite cookie protections if configurable. …



CVE-2026-5791 vulnerability details – vuln.today
