Vulnerability Details CVE-2026-27841
A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application does not enforce server-side validation of request origin or implement CSRF tokens, a malicious external webpage could cause a user's browser to submit unauthorized configuration requests to the device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.9%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2026-27841
-
cpe:2.3:h:senselive:x3500:-
-
cpe:2.3:o:senselive:x3500_firmware:1.523