CVE-2026-54220 | uBB.threads is vulnerable to a Cross-Site Request Forgery (C… | CVSS 8.6 HIGH

Description

uBB.threads is vulnerable to a Cross-Site Request Forgery (CSRF) due to a lack of protective mechanisms. This allows an attacker to trick an authenticated user into executing unintended actions. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.

Metadata

CVE ID: CVE-2026-54220
State: PUBLISHED
Assigner: CERT-PL
Reserved: 2026-06-12 11:03 UTC
Published: 2026-06-18 12:56 UTC
Last updated: 2026-06-18 13:30 UTC
Primary CWE: CWE-352
CWE-352 Cross-Site Request Forgery (CSRF)
Vendor / Product: UBB Systems / UBB.threads
Sources: cve.org · NVD

Severity & Metrics

8.6 HIGH CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
UBB Systems	UBB.threads	—	0 ≤ 7.7.5

Weakness (CWE)

CWE	Source	Description
CWE-352	cna	CWE-352 Cross-Site Request Forgery (CSRF)

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.6	HIGH	4.0	cna	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

References (2)