CVE-2026-32989
Published: 20 March 2026
Summary
CVE-2026-32989 is a high-severity CSRF (CWE-352) vulnerability in Precurio Intranet Portal. Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 11.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2026-32989 is a cross-site request forgery (CSRF) vulnerability in Precurio Intranet Portal version 4.4. The issue resides in the profile update endpoint that handles file uploads, allowing attackers to induce authenticated users into submitting crafted requests. This enables the upload of executable files to web-accessible locations, resulting in arbitrary code execution in the context of the web server. Published on 2026-03-20, the vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-352 (Cross-Site Request Forgery) and CWE-434 (Unrestricted Upload of File with Dangerous Type).
The attack requires network access with low complexity and no privileges from the attacker, but relies on user interaction, such as an authenticated user visiting a malicious webpage. An attacker crafts a malicious request targeting the vulnerable endpoint; when the victim interacts with it (e.g., via a forged link or form), their browser automatically submits the request using their session credentials. Successful exploitation grants arbitrary code execution as the web server, potentially allowing full server compromise, data theft, or further lateral movement.
Advisories providing additional details, potential patches, and mitigation guidance are available at https://www.packetstorm.news/files/id/215644/ and https://www.precurio.com. Security practitioners should review these sources promptly for vendor-recommended updates and workarounds.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-13725
Vulnerability details
Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations, leading to arbitrary code execution in the context of the web server.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The combination of CSRF and unrestricted file upload directly enables remote exploitation of the web portal for initial access (T1190) and the deployment of executable web shells in web-accessible directories for remote code execution (T1505.003).
Mitigating Controls (NIST 800-53 r5)
- SC-23 (Session Authenticity): Directly mitigates the CSRF vulnerability by enforcing session authenticity mechanisms such as anti-CSRF tokens on the profile update endpoint.
- SI-10 (Information Input Validation): Prevents unrestricted upload of executable files by validating file inputs for type, content, and dangerous extensions on the vulnerable endpoint.
- Blocks or detects malicious executable files uploaded to web-accessible locations, preventing arbitrary code execution in the web server context.
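As an added illustration of the two named controls above (example code written for this page, not Precurio's code and not taken from the advisory), the following Python models a profile-update upload handler that enforces SC-23 with a session-bound anti-CSRF token plus an Origin/Referer check, and SI-10 with an extension allowlist and content sniffing. The session store, the portal origin, the allowlisted types and the sample requests are all constructed assumptions for the example; a real deployment would hook the same checks into the framework's request objects.

```python
import hmac
import os
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed stand-in for the server-side session store: session id -> CSRF token.
SESSIONS: Dict[str, str] = {}

# Assumed trusted origin of the portal; cross-site forms will carry a different Origin.
PORTAL_ORIGIN = "https://intranet.example.internal"

# Allowlisted avatar types: extension -> required leading bytes (magic numbers).
ALLOWED_TYPES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}


@dataclass
class Request:
    """Minimal model of a multipart POST to the (hypothetical) profile update endpoint."""
    session_id: str
    headers: Dict[str, str]
    form: Dict[str, str]
    upload_name: str
    upload_bytes: bytes


def issue_csrf_token(session_id: str) -> str:
    """Bind a fresh random token to the session; the profile form embeds it as a hidden field."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = token
    return token


def check_csrf(req: Request) -> Optional[str]:
    """SC-23: return a rejection reason, or None if the request is genuinely first-party."""
    expected = SESSIONS.get(req.session_id)
    if expected is None:
        return "no session"
    # A forged form submitted from another site carries that site's Origin (or Referer).
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not origin.startswith(PORTAL_ORIGIN):
        return "cross-site origin"
    supplied = req.form.get("csrf_token", "")
    # Constant-time comparison so a wrong token leaks nothing through timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "bad csrf token"
    return None


def check_upload(name: str, data: bytes) -> Optional[str]:
    """SI-10: allowlist the extension and confirm the bytes match the claimed type."""
    ext = os.path.splitext(name)[1].lower()
    magic = ALLOWED_TYPES.get(ext)
    if magic is None:
        return f"extension {ext or '(none)'} not allowed"
    if not data.startswith(magic):
        return "content does not match extension"
    return None


def handle_profile_update(req: Request) -> dict:
    """Hardened handler: CSRF check first, then upload validation, then a server-chosen name."""
    reason = check_csrf(req)
    if reason:
        return {"status": 403, "reason": reason}
    reason = check_upload(req.upload_name, req.upload_bytes)
    if reason:
        return {"status": 400, "reason": reason}
    # Never reuse the client-supplied filename; store under a random name (outside the web root).
    ext = os.path.splitext(req.upload_name)[1].lower()
    return {"status": 200, "stored_as": f"{secrets.token_hex(16)}{ext}"}


if __name__ == "__main__":
    sid = "sess-demo"
    tok = issue_csrf_token(sid)
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    # Legitimate first-party submission with a real image.
    print(handle_profile_update(Request(sid, {"Origin": PORTAL_ORIGIN}, {"csrf_token": tok}, "avatar.png", png)))
    # Cross-site forgery: the browser sends the victim's cookies but cannot read the token.
    print(handle_profile_update(Request(sid, {"Origin": "https://attacker.example"}, {}, "avatar.png", png)))
```

The order of the checks matters: the CSRF rejection happens before the upload is inspected, so a forged request never reaches the file-handling code, and the server-chosen storage name removes the attacker's control over where the file lands.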