CVE-2026-5791 CSRF in DivvyDrive Information Technologies' DivvyDrive
Details
CVSS v3
9.6
EPSS
<0.1% probability · 0.2th percentile — 2026-05-11
Affected versions
DivvyDrive 4.8.2.9 to before 4.8.3.2
Summary
A critical cross-site request forgery (CSRF) vulnerability exists in DivvyDrive versions from 4.8.2.9 up to, but not including, 4.8.3.2. An attacker can trick an authenticated DivvyDrive administrator or user into clicking a malicious link, which causes unintended privileged actions to be performed on the attacker's behalf. No known active exploitation has been reported.
Remediation
Upgrade DivvyDrive to the patched version 4.8.3.2 or later. Until the patch is applied, implement additional CSRF protection controls as a temporary workaround. After deploying the patch, audit recent administrative actions for unauthorized changes.