CVE-2026-9582

Published: Mag 26, 2026 Last Modified: Mag 26, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 2,1
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: passive
Confidentiality: N/A
Integrity: N/A
Availability: N/A
MEDIUM 4,3
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: partial
Availability: none

Description

AI Translation Available

A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.

352

Cross-Site Request Forgery (CSRF)

Stable
Abstraction: Compound Structure: Composite
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Non-Repudiation Access Control
Potential Impacts:
Gain Privileges Or Assume Identity Bypass Protection Mechanism Read Application Data Modify Application Data Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies: Web Based, Web Server
Likelihood of Exploit: Medium
View CWE Details
862

Missing Authorization

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Access Control Availability
Potential Impacts:
Read Application Data Read Files Or Directories Modify Application Data Modify Files Or Directories Gain Privileges Or Assume Identity Bypass Protection Mechanism Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)
Applicable Platforms
Technologies: AI/ML, Web Server, Database Server, Not Technology-Specific
Likelihood of Exploit: High
View CWE Details
https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-…
https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-9582-Cross-Site-Requ…
https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-…
https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-9582-Cross-Site-Requ…
https://vuldb.com/submit/817930
https://vuldb.com/submit/817930
https://vuldb.com/vuln/365638
https://vuldb.com/vuln/365638
https://vuldb.com/vuln/365638/cti
https://vuldb.com/vuln/365638/cti
https://www.sourcecodester.com/
https://www.sourcecodester.com/