CVE-2026-38934

HIGH

diskoverdata diskover-community <=2.3.5 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-38934. PoCs published by VadlaReddySai.

AI-analyzed exploit summary The repository claims to contain PoCs for multiple CVEs (CVE-2026-38934, CVE-2026-38935, CVE-2026-38936) in diskover-community but only provides a vague README with no technical details or exploit code. It mentions CSRF and XSS vulnerabilities without any proof-of-concept or analysis.

Description

Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/settings_process.php

Exploits (1)

nomisec SUSPICIOUS

by VadlaReddySai · poc

https://github.com/VadlaReddySai/diskoverdata-cve-writeups

View Code ZIP pw:eip

The repository claims to contain PoCs for multiple CVEs (CVE-2026-38934, CVE-2026-38935, CVE-2026-38936) in diskover-community but only provides a vague README with no technical details or exploit code. It mentions CSRF and XSS vulnerabilities without any proof-of-concept or analysis.

Classification

Suspicious 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: diskover-community

No auth needed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Apr 28, 2026 Full analysis →

References (3)

Core 3

Core References

http://diskover-community.com

http://diskoverdata.com

https://github.com/VadlaReddySai/diskoverdata-cve-writeups/blob/main/CVE-2026-38934

View Writeup ZIP pw:eip

Scores

CVSS v3 8.8

EPSS 0.0026

EPSS Percentile 17.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-352

Status published

Published Apr 27, 2026

Tracked Since Apr 27, 2026