Description
A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-05-26
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An insecure function in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0 allows an attacker to craft a request that a victim's browser will submit on the victim's behalf, which constitutes cross-site request forgery (CSRF, also written XSRF). The flaw is classified as CWE-352 (Cross-Site Request Forgery) and also involves a missing permission check (CWE-862). As a result, an attacker can cause an authenticated user to perform unintended actions on the application, potentially altering data or executing unintended commands.

Affected Systems

The vulnerability affects SourceCodester’s CET Automated Grading System with AI Predictive Analytics, specifically version 1.0. No other versions or products are listed as impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity vulnerability. EPSS data is unavailable, but typical XSRF exploitation is considered low‑to‑moderate in the absence of additional constraints. The flaw is not listed in CISA’s KEV catalog. The attack can be carried out remotely by an actor who can convince a legitimate user to visit a malicious page or click a forged link that causes the victim’s browser to submit a manipulated request to the affected application.

Generated by OpenCVE AI on May 26, 2026 at 22:36 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Contact SourceCodester and apply any available patch or upgrade to a newer release that addresses the CSRF flaw
  • Implement or enable CSRF tokens for all state‑changing requests; tokens should be unpredictable and bound to the user session
  • Configure the web application to reject requests with a missing or invalid CSRF token and to enforce same‑origin checks
  • If a patch is not yet available, place a web application firewall or reverse proxy in front of the service that blocks requests lacking a valid token or that appear to be forged


Advisories

No advisories yet.

History

Wed, 27 May 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Tue, 26 May 2026 21:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A security flaw has been discovered in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This affects an unknown function. Performing a manipulation results in cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. |
| Title | | SourceCodester CET Automated Grading System with AI Predictive Analytics cross-site request forgery |
| First Time appeared | | Sourcecodester; Sourcecodester cet Automated Grading System With Ai Predictive Analytics |
| Weaknesses | | CWE-352; CWE-862 |
| CPEs | | cpe:2.3:a:sourcecodester:cet_automated_grading_system_with_ai_predictive_analytics:*:*:*:*:*:*:*:* |
| Vendors & Products | | Sourcecodester; Sourcecodester cet Automated Grading System With Ai Predictive Analytics |
| References | | |
| Metrics | | cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'} |
| | | cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'} |
| | | cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'} |
| | | cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'} |


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-27T17:58:26.690Z

Reserved: 2026-05-26T12:53:01.526Z

Link: CVE-2026-9582

Vulnrichment

Updated: 2026-05-27T17:58:21.066Z

NVD

Status: Deferred

Published: 2026-05-26T21:16:45.493

Modified: 2026-05-27T14:50:47.627

Link: CVE-2026-9582

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T23:15:19Z

Weaknesses
  • CWE-352: Cross-Site Request Forgery (CSRF)
  • CWE-862: Missing Authorization