CVE-2026-16216
MEDIUM
4.3
CVSS 3.1
Description
A weakness has been identified in geex-arts django-jet up to 1.0.8. Affected is an unknown function of the component OAuth Handler. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Metadata
Severity & Metrics
4.3
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| geex-arts | django-jet | — | 1.0.0, 1.0.1, 1.0.2, 1.0.3 … |
Weakness (CWE)
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.3 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| 5.0 | N/D | 2.0 | cna | AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR |
| 4.3 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
| 4.3 | MEDIUM | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
References (6)
- VDB-380039 | geex-arts django-jet OAuth cross-site request forgery https://vuldb.com/vuln/380039
- VDB-380039 | CTI Indicators (IOB, IOC) https://vuldb.com/vuln/380039/cti
- CVE-2026-16216 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-16216
- Submit #857947 | geex-arts django-jet 0cc1e636109f680de6759ac30c0b14ef980883bc CWE-352 Cross-Site Request Forgery https://vuldb.com/submit/857947
- https://github.com/geex-arts/django-jet/issues/528
- https://github.com/geex-arts/django-jet/