Description
Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges by manipulating the original_username cookie. Attackers can set the client-controlled original_username cookie to any value and request a switch to user ID 1 to obtain session tokens or password hashes belonging to administrator accounts.
Published: 2026-04-13
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

A flaw in Pachno version 1.0.6 allows low-privilege users to bypass authentication by manipulating the original_username cookie in the runSwitchUser() action. When an attacker sets this cookie to any value and requests a switch to user ID 1, the system grants access to session tokens or password hashes belonging to the administrator account. The weakness corresponds to CWE-639, which represents unauthorized credential escalation.

Affected Systems

The vulnerability affects only installations of Pachno 1.0.6 on any supported platform. Users of newer or older releases are not impacted. It arises in this specific Pachno release and does not carry over to subsequent versions unless the underlying runSwitchUser logic is unchanged.

Risk and Exploitability

The CVSS score of 7.1 marks it as high severity. No EPSS data is available, and the flaw has not been added to the CISA KEV catalog. An attacker only needs to be authenticated with a low-privilege account to alter the client-controlled original_username cookie and request a switch to the administrator user. The attack requires no additional privileges beyond the initial authenticated session, making exploitation straightforward once the cookie is manipulated.

Generated by OpenCVE AI on April 13, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s latest Pachno update to patch the authentication bypass.
  • If a patch is not immediately available, restrict or disable the runSwitchUser feature so that only administrators can use it.
  • Monitor authentication logs for suspicious switch-user requests or anomalous changes to the original_username cookie.
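The second recommendation, restricting switch-user to administrators, is easiest to reason about in code. The block below is an added illustration and is not Pachno's code: it contrasts a hypothetical weak handler, whose authorization decision hinges on a client-supplied original_username cookie (the CWE-639 pattern this advisory describes), with a hardened handler that records the impersonator's identity in server-side session state, checks the real account's privileges before every switch, validates the target, and writes an audit line that the log monitoring in the third recommendation can consume. The user table, ids, and function names are constructed placeholders.

```python
"""Added illustration (not Pachno's code): switch-user handled with
server-side state instead of a client-controlled cookie."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class User:
    id: int
    username: str
    is_admin: bool


# Constructed sample accounts; ids and names are placeholders.
USERS: Dict[int, User] = {
    1: User(1, "admin", True),
    7: User(7, "alice", False),
}


@dataclass
class Session:
    """Server-side session. original_user_id is set only by switch_user()
    below; nothing in this object is ever read from request cookies."""
    user_id: int
    original_user_id: Optional[int] = None
    audit: List[str] = field(default_factory=list)


class SwitchUserError(Exception):
    pass


def switch_user_weak(session: Session, cookies: Dict[str, str], target_id: int) -> User:
    """Hypothetical weak variant: the presence of a cookie the client can set
    to anything is treated as proof that a switch is permitted, and the
    identity of the requester is never checked."""
    if "original_username" not in cookies:
        raise SwitchUserError("no switch-user context")
    session.user_id = target_id
    return USERS[target_id]


def _real_actor(session: Session) -> User:
    """The account that actually holds authority for this session: if an
    impersonation is already active, that is the recorded original user."""
    real_id = session.original_user_id
    if real_id is None:
        real_id = session.user_id
    return USERS[real_id]


def switch_user(session: Session, target_id: int) -> User:
    """Hardened variant: authority comes from the server-recorded real
    account, the target must exist, and every decision is audited.
    A production handler would also rotate the session identifier here."""
    actor = _real_actor(session)
    if not actor.is_admin:
        session.audit.append(f"switch-user actor={actor.username} target={target_id} result=denied")
        raise SwitchUserError("switch-user requires an administrator")
    target = USERS.get(target_id)
    if target is None:
        session.audit.append(f"switch-user actor={actor.username} target={target_id} result=unknown-target")
        raise SwitchUserError("unknown target user")
    if session.original_user_id is None:
        session.original_user_id = actor.id  # remembered server-side, not in a cookie
    session.user_id = target.id
    session.audit.append(f"switch-user actor={actor.username} target={target_id} result=ok")
    return target


def switch_back(session: Session) -> User:
    """End an impersonation and return to the recorded original account."""
    if session.original_user_id is None:
        raise SwitchUserError("no impersonation is active")
    original = USERS[session.original_user_id]
    session.audit.append(f"switch-back to={original.username} result=ok")
    session.user_id = original.id
    session.original_user_id = None
    return original
```

The point of the contrast is where the "original user" fact lives: in the weak variant it is a cookie value the client chooses, so any authenticated account can assert it; in the hardened variant it is written only by the server after an administrator check has already passed, and the denied attempts leave an audit line that a monitoring rule can alert on.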

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 21:15:00 +0000

Values added:
  References
  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 18:30:00 +0000

Values added:
  Description: Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges by manipulating the original_username cookie. Attackers can set the client-controlled original_username cookie to any value and request a switch to user ID 1 to obtain session tokens or password hashes belonging to administrator accounts.
  Title: Pachno 1.0.6 Authentication Bypass via runSwitchUser()
  First Time appeared: Pachno; Pachno pachno
  Weaknesses: CWE-639
  CPEs: cpe:2.3:a:pachno:pachno:1.0.6:*:*:*:*:*:*:*
  Vendors & Products: Pachno; Pachno pachno
  References
  Metrics (cvssV3_1): {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
  Metrics (cvssV4_0): {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-13T20:49:59.051Z

Reserved: 2026-04-08T13:39:22.100Z

Link: CVE-2026-40043

Vulnrichment

Updated: 2026-04-13T20:49:48.399Z

NVD

Status: Deferred

Published: 2026-04-13T19:16:52.140

Modified: 2026-04-17T15:28:29.690

Link: CVE-2026-40043

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:33:37Z

Weaknesses