CVE-2026-27841

HIGH

SenseLive X3050 Cross-Site request forgery

Title source: cna

Description

A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious external webpage could cause a user's browser to submit unauthorized configuration requests to the device.

References (3)

Scores

CVSS v3 8.1
EPSS 0.0001
EPSS Percentile 2.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Details

CWE
CWE-352
Status published
Products (1)
SenseLive/X3050 V1.523
Published Apr 24, 2026
Tracked Since Apr 24, 2026