CVE-2026-1835
Description
A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. This affects an unknown part. The manipulation leads to cross-site request forgery. The attack can be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
BootDo up to commit e93dd42 has a CSRF vulnerability in the /sys/user/save endpoint, allowing attackers to perform unauthorized actions on behalf of users.
Vulnerability
Analysis
A cross-site request forgery (CSRF) vulnerability exists in the BootDo application up to commit e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. The issue resides in the save method of UserController.java, which does not implement any CSRF protection mechanism [1]. This allows an attacker to craft malicious requests that are executed by an authenticated user's browser without the user's knowledge or consent.
Exploitation
The attack is remotely exploitable and does not require authentication or authorization to craft the malicious payload [1]. The attacker can create a CSRF proof-of-concept (POC) that, when accessed by an administrator, will execute the request to add a new administrator account [1]. The vulnerability is publicly known and exploit code is available.
Impact
Successful exploitation enables an attacker to perform unauthorized actions on behalf of the victim user, such as modifying account settings, making unauthorized transactions, or accessing sensitive user data [1]. In the specific case of the /sys/user/save endpoint, an attacker can force an administrator to create a new administrator account, leading to a complete compromise of the application's access control [1]. This poses a significant threat to user privacy, data integrity, and overall system security.
Mitigation
The vendor uses a rolling release strategy, so specific patched versions are not identified [1]. The recommended fix is to implement CSRF tokens or other anti-CSRF measures in the UserController class, particularly in the save method [1]. Users should monitor the BootDo repository for updates that address this vulnerability.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.