CVE-2026-39371 | redwoodjs sdk up to 1.0.5 GET Request serverAction cross-site request forgery (GHSA-x8rx-789c-2pxq)

Inserito da Angelo Barbosa | Apr 7, 2026 | CVE

A vulnerability identified as problematic has been detected in redwoodjs sdk up to 1.0.5. Affected is the function serverAction of the component GET Request Handler. Performing a manipulation results in cross-site request forgery.

This vulnerability is cataloged as CVE-2026-39371. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.

CVE-2026-39371 | redwoodjs sdk up to 1.0.5 GET Request serverAction cross-site request forgery (GHSA-x8rx-789c-2pxq)

Post correlati

CVE-2025-41654 | Pepperl+Fuchs Profinet Gateway FB8122A.1.EL up to 1.3.12 SNMP Protocol information disclosure (VDE-2025-011)

CVE-2025-43501 | WebKitGTK/WPE WebKit up to 2.50.3 Web buffer overflow

CVE-2024-50919 | Jpress 5.1.1 on Windows JSP File unrestricted upload

CVE-2024-25552 | W&T Com-Umlenkung PnP/Com-Umlenkung Legacy/OPC-Server Executable File unquoted search path (VDE-2024-018)