CVE-2026-58476 PUBLISHED

Sustainable Irrigation Platform 5.2.16 CSRF via Administrative GET Requests

Assigner: VulnCheck
Reserved: 30.06.2026 Published: 14.07.2026 Updated: 14.07.2026

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring a logged-in administrator into visiting a malicious page that issues HTTP GET requests without CSRF token validation or origin verification. Attackers can trigger actions such as disabling the passphrase, rebooting the device, deleting programs, or installing plugins, with the default configuration exposing these endpoints to unauthenticated users due to no required passphrase and a default credential of 'opendoor'.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 7

Product Status

Vendor Dan-in-CA
Product SIP
Versions Default: affected
  • affected from 0 to 5.2.16 (incl.)

Credits

  • Anja Ivanovska of Zero Science Lab finder

References

Problem Types

  • Cross-Site Request Forgery (CSRF) CWE