CNNVD-202601-1872 Information

CNNVD ID

CNNVD-202601-1872

CVE-2026-22800

  • CNNVD Published: 2026-01-12

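Description (translated from Chinese)

PILOS is front-end software open-sourced by THM. PILOS versions before 4.10.0 contain a cross-site request forgery vulnerability. The vulnerability stems from cross-site request forgery in an administrative API endpoint and may lead to the termination of all active video conferences.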

Description (English)

PILOS is open-source front-end software from THM. Versions of PILOS before 4.10.0 have a cross-site request forgery (CSRF) vulnerability in an administrative API endpoint, which could lead to the termination of all active video conferences.

Hazard Level

Critical

Vulnerability Type

Cross-site request forgery

Affected Vendor

THM

Published

2026-01-12

Last Modified

2026-02-24

References

  • https://github.com/THM-Health/PILOS/commit/d9ab9bb7ac0a8581c25e24cb7db2152d40be4d1b
  • https://github.com/THM-Health/PILOS/security/advisories/GHSA-r24c-9p4j-rqw9
  • https://access.redhat.com/security/cve/cve-2026-22800

Patch

https://github.com/THM-Health/PILOS/releases
