Cyber Resilience

CVE-2026-3770

MediumPublic PoC

Published: 08 March 2026

Published
08 March 2026
Modified
09 March 2026
KEV Added
Patch
CVSS Score v4 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0021 11.6th percentile
Risk Priority 35 floored blend · peak EPSS

Summary

CVE-2026-3770 is a medium-severity CSRF (CWE-352) vulnerability in Oretnom23 Computer Laboratory Management System. Its CVSS base score is 5.3 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-23 (Session Authenticity).

Deeper analysis

CVE-2026-3770 is a cross-site request forgery (CSRF) vulnerability, linked to CWE-352 and CWE-862, affecting SourceCodester Computer Laboratory Management System 1.0. The flaw resides in an unspecified component of the software, enabling manipulation that leads to CSRF attacks. It carries a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N), rated as medium severity due to its network accessibility and low integrity impact potential.

Remote, unauthenticated attackers can exploit this vulnerability with low attack complexity, though it requires user interaction, such as tricking a victim into clicking a malicious link or performing an action on a spoofed page. Successful exploitation allows attackers to perform unauthorized actions on behalf of an authenticated user within the application, potentially leading to low-level integrity violations like unintended data modifications.

Advisories and additional details are documented on VulDB (https://vuldb.com/?ctiid.349748, https://vuldb.com/?id.349748, https://vuldb.com/?submit.768839) and the vendor site (https://www.sourcecodester.com/). A public exploit is available at https://gist.github.com/richardaugustine/618db4846b5ea60344721c716ef31b4e, indicating it may already be in use by threat actors.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be…

more

used.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
T1566.002 Spearphishing Link Initial Access
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
Why these techniques?

CSRF vuln in public-facing web app directly enables T1190 exploitation; attack vector explicitly requires tricking user via malicious link (T1204.001) or spearphishing link (T1566.002) to trigger forged requests.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-54818Same product: Oretnom23 Computer Laboratory Management System
CVE-2025-70141Same vendor: Oretnom23
CVE-2026-26705Same vendor: Oretnom23
CVE-2026-26892Same vendor: Oretnom23
CVE-2025-0173Same vendor: Oretnom23
CVE-2026-26707Same vendor: Oretnom23
CVE-2026-30531Same vendor: Oretnom23
CVE-2026-30532Same vendor: Oretnom23
CVE-2026-3806Same vendor: Oretnom23
CVE-2026-3771Same vendor: Oretnom23

Affected Assets

oretnom23
computer laboratory management system
1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces authorization on every request so forged cross-site requests cannot perform actions on behalf of an authenticated user.

prevent

Requires protection of session authenticity, which blocks CSRF by ensuring requests originate from the legitimate application session.

prevent

Forces re-authentication before sensitive actions, limiting the impact of a successful CSRF attack that relies on an existing authenticated session.

References