CVE-2026-15034

Summary

A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Affected Software

VendorProductVersion RangeStatus
flask-dashboardFlask-MonitoringDashboard5.0.0affected
flask-dashboardFlask-MonitoringDashboard5.0.1affected
flask-dashboardFlask-MonitoringDashboard5.0.2affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery
  • CWE-862: Missing Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References