Ghostwire
Home / Vulnerabilities / CVE-2026-4047

CVE-2026-4047: Description An authentication bypass via case-sensitive path matching vulnerability. Successful exploitation grants an...

MEDIUM CVSS 0.0

Published: April 30, 2026 | Last Modified: April 30, 2026

Description

Description An authentication bypass via case-sensitive path matching vulnerability. Successful exploitation grants an attacker unauthenticated remote code execution with no credential reset required.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (15 articles)

Tenable CVEs
CVE-2026-4047
 Tenable CVEs
CVE-2026-40475
 Snyk
Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)
 Tenable CVEs
CVE-2026-40473
 Snyk
Qinglong task scheduler RCE vulnerabilities exploited in the wild for cryptomining
 Tenable CVEs
CVE-2026-40472
 CVE Feed
CVE-2026-40472 - Hackage package metadata stored XSS vulnerability
 Tenable CVEs
CVE-2026-40470
 Tenable CVEs
CVE-2026-40471
 Tenable CVEs
CVE-2026-40479
 CVE Feed
CVE-2026-40479 - Kimai: Stored XSS via Incomplete HTML Attribute Escaping in Team Member Widget
 Tenable CVEs
CVE-2026-40476
 Tenable CVEs
CVE-2026-40474
 Tenable CVEs
CVE-2026-40478
 CVE Feed
CVE-2026-40477 - Improper restriction of the scope of accessible objects in Thymeleaf expressions

References