CVE-2026-38566 | HireFlow 1.2 POST Endpoint /profile SESSION_COOKIE_SAMESITE cross-site request forgery

A vulnerability marked as problematic has been reported in HireFlow 1.2. This impacts an unknown function of the file /profile of the component POST Endpoint. The manipulation of the argument SESSION_COOKIE_SAMESITE leads to cross-site request forgery.

This vulnerability is listed as CVE-2026-38566. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More