All 7 CVE vulnerabilities found in Pachno, with AI-generated Chinese analysis, references, and POCs.
Vendor: pancho
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40044 | Pachno 1.0.6 FileCache Deserialization Remote Code Execution CWE-502 | 9.8 | Critical | 2026-04-13 |
| CVE-2026-40043 | Pachno 1.0.6 Authentication Bypass via runSwitchUser() CWE-639 | 6.5 | Medium | 2026-04-13 |
| CVE-2026-40042 | Pachno 1.0.6 Wiki TextParser XML External Entity Injection CWE-403 | 9.8 | Critical | 2026-04-13 |
| CVE-2026-40041 | Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints CWE-352 | 4.3 | Medium | 2026-04-13 |
| CVE-2026-40040 | Pachno 1.0.6 Unrestricted File Upload Remote Code Execution CWE-434 | 8.8 | High | 2026-04-13 |
| CVE-2026-40039 | Pachno 1.0.6 Open Redirection via return_to Parameter CWE-305 | 6.5 | Medium | 2026-04-13 |
| CVE-2026-40038 | Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters CWE-79 | 7.2 | High | 2026-04-13 |
All 7 known CVE vulnerabilities affecting Pachno with full Chinese analysis, references, and POCs where available.