CVE-2026-27841: CWE-352 Cross-Site request forgery (CSRF) in SenseLive X3050
CVE-2026-27841 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability in the SenseLive X3050 web management interface. The vulnerability arises because the application does not enforce server-side validation of request origin nor implements CSRF tokens, allowing unauthorized state-changing operations via malicious external webpages. This affects version V1. 523 of the product. There is currently no official patch or remediation level provided by the vendor. No known exploits in the wild have been reported.
AI Analysis
Technical Summary
SenseLive X3050 version V1.523 contains a CSRF vulnerability (CWE-352) in its web management interface. The application fails to validate the origin of requests or use CSRF tokens, enabling attackers to trick authenticated users into submitting unauthorized configuration changes. The CVSS 4.0 base score is 8.4 (high), reflecting network attack vector, low attack complexity, no user interaction, and high impact on integrity and availability. No patch or official remediation guidance is currently available.
Potential Impact
An attacker can cause a user's browser to submit unauthorized configuration requests to the SenseLive X3050 device without the user's consent, potentially leading to unauthorized changes in device configuration. This could impact the integrity and availability of the device's management functions. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider restricting access to the web management interface to trusted networks and users only, and avoid browsing untrusted websites from devices with access to the management interface.
CVE-2026-27841: CWE-352 Cross-Site request forgery (CSRF) in SenseLive X3050
Description
CVE-2026-27841 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability in the SenseLive X3050 web management interface. The vulnerability arises because the application does not enforce server-side validation of request origin nor implements CSRF tokens, allowing unauthorized state-changing operations via malicious external webpages. This affects version V1. 523 of the product. There is currently no official patch or remediation level provided by the vendor. No known exploits in the wild have been reported.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
SenseLive X3050 version V1.523 contains a CSRF vulnerability (CWE-352) in its web management interface. The application fails to validate the origin of requests or use CSRF tokens, enabling attackers to trick authenticated users into submitting unauthorized configuration changes. The CVSS 4.0 base score is 8.4 (high), reflecting network attack vector, low attack complexity, no user interaction, and high impact on integrity and availability. No patch or official remediation guidance is currently available.
Potential Impact
An attacker can cause a user's browser to submit unauthorized configuration requests to the SenseLive X3050 device without the user's consent, potentially leading to unauthorized changes in device configuration. This could impact the integrity and availability of the device's management functions. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider restricting access to the web management interface to trusted networks and users only, and avoid browsing untrusted websites from devices with access to the management interface.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- icscert
- Date Reserved
- 2026-04-14T15:57:14.980Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69eab7a187115cfb68850e0e
Added to database: 4/24/2026, 12:21:53 AM
Last enriched: 4/24/2026, 12:36:39 AM
Last updated: 4/24/2026, 6:09:06 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.