cvedb.io
CVE-2026-58476
HIGH · CVSS 8.1
EPSS exploitation probability: 0%
Published 2026-07-14T15:17:06.477 · Last modified 2026-07-14T19:10:30.917

Summary

Sustainable Irrigation Platform (SIP) through version 5.2.16 contains a cross-site request forgery vulnerability that allows remote attackers to perform state-changing administrative actions by luring a logged-in administrator into visiting a malicious page that issues HTTP GET requests without CSRF token validation or origin verification. Attackers can trigger actions such as disabling the passphrase, rebooting the device, deleting programs, or installing plugins, with the default configuration exposing these endpoints to unauthenticated users due to no required passphrase and a default credential of 'opendoor'.

Affected products

dan-in-ca — sustainable_irrigation_platform

Does this affect you?

Add your gear to cvedb and we'll alert you only when dan-in-ca ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.