CVE-2026-1835 MEDIUM

CVE-2026-1835: lcg0124 BootDo cross-site request forgery

Vendor Lcg0124
Product BootDo
Weakness CWE-352 · CSRF
Published February 4, 2026
Last update February 23, 2026

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was identified in lcg0124 BootDo up to e93dd428ef6f5c881aa74d49a2099ab0cf1e0fcb. This affects an unknown part. The manipulation leads to cross-site request forgery. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified.

Key dates

02Disclosure timeline

February 4, 2026 CVE published
February 23, 2026 Record updated

Related vulnerabilities

04Related CVE