Browse all 7 CVE security advisories affecting pancho. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pancho is a network device management tool primarily used for configuring and monitoring network infrastructure. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, accounting for its seven recorded CVEs. The tool's web interface has been particularly vulnerable to input validation bypasses, allowing unauthorized access to administrative functions. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in its web components suggests potential risks for organizations relying on Pancho for network management without proper hardening and patching.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40044 | Pachno 1.0.6 FileCache Deserialization Remote Code Execution — Pachno (CWE-502) | 9.8 | Critical | 2026-04-13 |
| CVE-2026-40043 | Pachno 1.0.6 Authentication Bypass via runSwitchUser() — Pachno (CWE-639) | 6.5 | Medium | 2026-04-13 |
| CVE-2026-40042 | Pachno 1.0.6 Wiki TextParser XML External Entity Injection — Pachno (CWE-403) | 9.8 | Critical | 2026-04-13 |
| CVE-2026-40041 | Pachno 1.0.6 Cross-Site Request Forgery via State-Changing Endpoints — Pachno (CWE-352) | 4.3 | Medium | 2026-04-13 |
| CVE-2026-40040 | Pachno 1.0.6 Unrestricted File Upload Remote Code Execution — Pachno (CWE-434) | 8.8 | High | 2026-04-13 |
| CVE-2026-40039 | Pachno 1.0.6 Open Redirection via return_to Parameter — Pachno (CWE-305) | 6.5 | Medium | 2026-04-13 |
| CVE-2026-40038 | Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters — Pachno (CWE-79) | 7.2 | High | 2026-04-13 |
This page lists every published CVE security advisory associated with pancho. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.