{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/divvydrive-4.8.2.9-to--4.8.3.2/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":9.6,"id":"CVE-2026-5791"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["DivvyDrive (4.8.2.9 to \u003c 4.8.3.2)"],"_cs_severities":["high"],"_cs_tags":["csrf","web-application","vulnerability"],"_cs_type":"advisory","_cs_vendors":["DivvyDrive Information Technologies Inc."],"content_html":"\u003cp\u003eDivvyDrive, a product of DivvyDrive Information Technologies Inc., is vulnerable to a Cross-Site Request Forgery (CSRF) vulnerability, identified as CVE-2026-5791. This flaw exists in versions 4.8.2.9 up to, but not including, version 4.8.3.2. CSRF vulnerabilities allow attackers to trick users into performing actions they did not intend to, potentially leading to unauthorized modifications or data breaches. Successful exploitation requires an authenticated user to interact with a malicious link or website controlled by the attacker. This could have serious implications for data security and integrity within organizations using affected versions of DivvyDrive.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker crafts a malicious HTML page containing a forged request targeting a DivvyDrive function, such as changing a user\u0026rsquo;s password or modifying data.\u003c/li\u003e\n\u003cli\u003eThe attacker distributes the malicious HTML page via email or other means, enticing a DivvyDrive user to visit the page while logged into their DivvyDrive account.\u003c/li\u003e\n\u003cli\u003eThe user, while authenticated to DivvyDrive, visits the attacker-controlled webpage.\u003c/li\u003e\n\u003cli\u003eThe malicious page automatically sends a request to the DivvyDrive server, appearing as if it originated from the logged-in user.\u003c/li\u003e\n\u003cli\u003eThe DivvyDrive server, lacking proper CSRF protection, processes the request as a legitimate action from the authenticated user.\u003c/li\u003e\n\u003cli\u003eThe attacker\u0026rsquo;s desired action is executed on the DivvyDrive server, potentially modifying user settings, data, or other system configurations.\u003c/li\u003e\n\u003cli\u003eThe impact could be privilege escalation, data manipulation, or account compromise depending on the targeted function.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5791 allows an attacker to perform actions as an authenticated user without their knowledge or consent. Depending on the targeted DivvyDrive functionality, this could lead to unauthorized data modification, privilege escalation, or complete account compromise. The severity is rated as critical with a CVSS v3.1 score of 9.6, highlighting the potential for significant impact. Organizations using vulnerable versions of DivvyDrive are at risk of data breaches and unauthorized system modifications.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade DivvyDrive to version 4.8.3.2 or later to remediate CVE-2026-5791 as mentioned in the overview.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Potential CSRF Attempts via Referer Header\u0026rdquo; to identify suspicious requests lacking a proper Referer header, a common characteristic of CSRF attacks.\u003c/li\u003e\n\u003cli\u003eEnable web server logging and monitor for POST requests originating from unexpected domains as covered by the Sigma rule.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-07T13:16:13Z","date_published":"2026-05-07T13:16:13Z","id":"/briefs/2026-05-divvy-csrf/","summary":"DivvyDrive versions 4.8.2.9 through 4.8.3.2 are susceptible to cross-site request forgery (CSRF), allowing an attacker to execute unauthorized actions on behalf of an authenticated user.","title":"DivvyDrive Cross-Site Request Forgery Vulnerability (CVE-2026-5791)","url":"https://feed.craftedsignal.io/briefs/2026-05-divvy-csrf/"}],"language":"en","title":"CraftedSignal Threat Feed — DivvyDrive (4.8.2.9 to \u003c 4.8.3.2)","version":"https://jsonfeed.org/version/1.1"}