CVE-2026-27841
Published: 24 April 2026
Summary
CVE-2026-27841 is a high-severity CSRF (CWE-352) vulnerability in Senselive X3500 Firmware. Its CVSS base score is 8.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 2.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SC-23 requires session authenticity mechanisms such as CSRF tokens to prevent forged cross-site requests to the web management interface.
SI-10 mandates server-side validation of inputs like request origins or CSRF tokens, directly addressing the absence of such protections.
IA-11 enforces re-authentication for state-changing configuration actions, limiting CSRF exploitation reliant on existing authenticated sessions.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CSRF flaw in network-accessible web management interface directly enables exploitation of a public-facing application to perform unauthorized configuration changes.
NVD Description
A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious external webpage…
more
could cause a user's browser to submit unauthorized configuration requests to the device.
Deeper analysisAI
CVE-2026-27841 is a Cross-Site Request Forgery (CSRF) vulnerability, classified under CWE-352, affecting the web management interface of the SenseLive X3050 device. The flaw enables state-changing operations to be triggered without adequate CSRF protections, as the application fails to enforce server-side validation of request origins or implement CSRF tokens. This allows a malicious external webpage to cause a user's browser to submit unauthorized configuration requests to the device. The vulnerability has a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H), indicating high severity due to its potential for significant integrity and availability impacts.
Exploitation requires an attacker to lure an authenticated user—typically an administrator accessing the web interface—into visiting a malicious external webpage. No privileges are needed on the target device, and the attack is feasible over the network with low complexity, though it relies on user interaction. Successful exploitation enables the attacker to perform unauthorized configuration changes, potentially disrupting device operations or altering settings with high integrity and availability consequences.
Mitigation guidance is detailed in the CISA ICS Advisory ICSA-26-111-12, available at https://www.cisa.gov/news-events/ics-advisories/icsa-26-111-12, along with the corresponding CSAF JSON file at https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-111-12.json. Additional support, including potential patches, can be obtained by contacting SenseLive via https://senselive.io/contact.
Details
- CWE(s)