Back to overview

CVE-2026-15034

MEDIUM Exploitation: PoC
4.3
CVSS 3.1
Description
A vulnerability has been found in flask-dashboard Flask-MonitoringDashboard up to 5.0.2. Affected by this issue is some unknown functionality. Such manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Metadata

CVE ID
CVE-2026-15034
State
PUBLISHED
Assigner
VulDB
Reserved
2026-07-08 07:38 UTC
Published
2026-07-08 13:30 UTC
Last updated
2026-07-08 14:21 UTC
Primary CWE
CWE-352
Cross-Site Request Forgery
Vendor / Product
flask-dashboard / Flask-MonitoringDashboard
Sources
cve.org  ·  NVD

Severity & Metrics

4.3 MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
flask-dashboard Flask-MonitoringDashboard 5.0.0, 5.0.1, 5.0.2
Weakness (CWE)
CWESourceDescription
CWE-352 cna Cross-Site Request Forgery
CWE-862 cna Missing Authorization
CVSS scores (4)
ScoreSeverityVersionSourceVector
5.3 MEDIUM 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
5.0 N/D 2.0 cna AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR
4.3 MEDIUM 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
4.3 MEDIUM 3.0 cna CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
References (9)
Back to overview