CVE-2026-58476

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring a logged-in administrator into visiting a malicious page that issues HTTP GET requests without CSRF token validation or origin verification. Attackers can trigger actions such as disabling the passphrase, rebooting the device, deleting programs, or installing plugins, with the default configuration exposing these endpoints to unauthenticated users due to no required passphrase and a default credential of 'opendoor'.
Configurations

Configuration 1 (hide)

cpe:2.3:a:dan-in-ca:sustainable_irrigation_platform:*:*:*:*:*:*:*:*

History

14 Jul 2026, 19:10

Type Values Removed Values Added
References () https://www.vulncheck.com/advisories/sustainable-irrigation-platform-csrf-via-administrative-get-requests - () https://www.vulncheck.com/advisories/sustainable-irrigation-platform-csrf-via-administrative-get-requests - Third Party Advisory
References () https://www.zeroscience.mk/#/advisories/ZSL-2026-5995 - () https://www.zeroscience.mk/#/advisories/ZSL-2026-5995 - Exploit, Third Party Advisory
First Time Dan-in-ca
Dan-in-ca sustainable Irrigation Platform
CPE cpe:2.3:a:dan-in-ca:sustainable_irrigation_platform:*:*:*:*:*:*:*:*

14 Jul 2026, 15:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-07-14 15:17

Updated : 2026-07-14 23:17


NVD link : CVE-2026-58476

Mitre link : CVE-2026-58476

CVE.ORG link : CVE-2026-58476


JSON object : View

Products Affected

dan-in-ca

  • sustainable_irrigation_platform
CWE
CWE-352

Cross-Site Request Forgery (CSRF)