CVE-2026-9486 MEDIUM

CVE-2026-9486: SourceCodester Student Grades Management System cross-site request forgery

Vendor Sourcecodester

Product Student Grades Management System

Weakness CWE-352 · CSRF

Published May 25, 2026

Last update May 26, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.

Key dates

02Disclosure timeline

May 25, 2026 CVE published

May 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-9486 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2025-47551 WordPress Wiki Embed plugin <= 1.4.6 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability CVE-2021-25072 NextScripts: Social Networks Auto-Poster < 4.3.25 - Arbitrary Post Deletion via CSRF CVE-2024-34809 WordPress EmpowerWP theme <= 1.0.21 - Cross Site Request Forgery (CSRF) vulnerability CVE-2021-36914 WordPress CalderaWP License Manager plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) CVE-2024-54205 WordPress Paloma Widget plugin <= 1.14 - CSRF to Stored XSS vulnerability