Intel

AIKIDO-2026-731730

drupal/lingotek is vulnerable to Cross-Site Request Forgery

Cross-Site Request ForgeryCVE-2026-15080 Published 3 days ago

42

Medium Risk

This Affects:

PHPdrupal/lingotek
0.0.1 - 4.0.3
Fixed in 4.0.4
4.1.0 - 4.1.3
Fixed in 4.1.4
11.0.0 - 11.0.3
Fixed in 11.0.4
Are you affected? Scan for Free

TL;DR

The Lingotek Ray Enterprise Translation provides multilingual site management. The module fails to protect several state-changing administrative routes against Cross Site Request Forgery attacks. An attacker could trick a privileged user into visiting a crafted page that triggers actions such as updating callback settings, uploading or downloading translations, or changing translation state.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

drupal/lingotek is vulnerable to Cross-Site Request Forgery in versions 0.0.1 - 4.0.3, 4.1.0 - 4.1.3 and 11.0.0 - 11.0.3.

How to fix this

Upgrade the drupal/lingotek module to the patch version.