Security Advisory

CVE-2026-22194

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-09 16:17:55
Last updated 2026-05-25 23:41:35
Assigner VulnCheck
State PUBLISHED

Description

GestSup versions up to and including 3.2.60 contain a cross-site request forgery (CSRF) vulnerability where the application does not verify the authenticity of client requests. An attacker can induce a logged-in user to submit crafted requests that perform actions with the victim's privileges. This can be exploited to create privileged accounts by targeting the administrative user creation endpoint.
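
The request-authenticity check that the description says is missing, shown as an added example (not GestSup's code and not a vendor patch): a state-changing request is accepted only if it originates from the application's own origin and carries a token minted for the caller's session. The function names, the `csrf_token` field, the host `helpdesk.example` and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def issue_token(session_id: str, key: bytes) -> str:
    """Mint a per-session token: random nonce plus HMAC over session id and nonce."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"

def _origin_of(url: str) -> str:
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"

def check_request(method, headers, form, session_id, key, site_origin):
    """Return (allowed, reason); state-changing requests must pass both checks."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    # 1. Source check: browsers attach Origin (or Referer) to cross-site form posts.
    source = headers.get("Origin") or headers.get("Referer")
    if source is None or _origin_of(source) != site_origin:
        return False, "cross-site or missing origin"
    # 2. Token check: the submitted value must have been minted for this session.
    nonce, _, mac = form.get("csrf_token", "").partition(".")
    expected = hmac.new(key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    if not nonce or not hmac.compare_digest(mac.encode(), expected.encode()):
        return False, "missing or invalid token"
    return True, "ok"

# Constructed sample requests; host, session id and form fields are placeholders.
KEY = secrets.token_bytes(32)
SITE = "https://helpdesk.example"
ADMIN_SESSION = "sess-admin-1"
FORGED = {"headers": {"Origin": "https://other-site.example"},
          "form": {"login": "new-user"}}
GENUINE = {"headers": {"Origin": SITE},
           "form": {"login": "new-user", "csrf_token": issue_token(ADMIN_SESSION, KEY)}}

if __name__ == "__main__":
    for name, req in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, check_request("POST", req["headers"], req["form"], ADMIN_SESSION, KEY, SITE))
```

The session cookie alone never satisfies either check, which is why a request induced from another site fails even though the browser attaches the victim's cookie.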