Back to overview

CVE-2026-58476

HIGH Exploitation: PoC
8.1
CVSS 3.1
Description
Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring a logged-in administrator into visiting a malicious page that issues HTTP GET requests without CSRF token validation or origin verification. Attackers can trigger actions such as disabling the passphrase, rebooting the device, deleting programs, or installing plugins, with the default configuration exposing these endpoints to unauthenticated users due to no required passphrase and a default credential of 'opendoor'.

Metadata

CVE ID
CVE-2026-58476
State
PUBLISHED
Assigner
VulnCheck
Reserved
2026-06-30 20:20 UTC
Published
2026-07-14 14:25 UTC
Last updated
2026-07-14 14:43 UTC
Primary CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Vendor / Product
Dan-in-CA / SIP
Sources
cve.org  ·  NVD

Severity & Metrics

8.1 HIGH CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
no
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
Dan-in-CA SIP 0 ≤ 5.2.16
Weakness (CWE)
CWESourceDescription
CWE-352 cna Cross-Site Request Forgery (CSRF)
CVSS scores (2)
ScoreSeverityVersionSourceVector
8.1 HIGH 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
7.0 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
Back to overview