CVE-2026-38057 - ST Engineering iDirect iQ-Series Terminals Cross-Site request forgery
CVE ID :CVE-2026-38057 Published : July 10, 2026, 3:16 p.m. | 1 hour, 16 minutes ago Description :The iDirect iQ200 does not validate CSRF tokens on state-changing API endpoints after authentication. The /api/reboot endpoint accepts POST requests authenticated solely by a session cookie that...