IM
IronMonkey Threat Research

CVE-2026-16216 MEDIUM

Published: 2026-07-19 | Last Modified: 2026-07-19 | Status: Received

Description

A weakness has been identified in geex-arts django-jet up to 1.0.8. Affected is an unknown function of the component OAuth Handler. Executing a manipulation can lead to cross-site request forgery. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.

CVSS Metrics

Base Score: 4.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Attack VectorNETWORK
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactLOW
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 2.8

Impact Score: 1.4

Base Score: 5.0 (MEDIUM)

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactPARTIAL
Availability ImpactNONE

Source: [email protected]

Type: Secondary

Exploitability Score: 10.0

Impact Score: 2.9

Base Score: 2.1 (LOW)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack VectorNETWORK
Attack ComplexityLOW
Attack RequirementsNONE
Privileges RequiredNONE
User InteractionPASSIVE
Vulnerability ConfidentialityNONE
Vulnerability IntegrityLOW
Vulnerability AvailabilityNONE
Subsequent ConfidentialityNONE
Subsequent IntegrityNONE
Subsequent AvailabilityNONE

Source: [email protected]

Type: Secondary

Weaknesses

Source Type Description
[email protected] Primary
en CWE-352
en CWE-862
Notification
Message here