CVE-2026-1153

Summary

A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Affected Software

VendorProductVersion RangeStatus
technical-laohumpay1.2.0affected
technical-laohumpay1.2.1affected
technical-laohumpay1.2.2affected
technical-laohumpay1.2.3affected
technical-laohumpay1.2.4affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery
  • CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References