CVE-2026-28761

Fujitsu Japan Limited · Musetheque V4 Information Disclosure for IPKNOWLEDGE

A Cross-Site Request Forgery (CSRF) vulnerability in Fujitsu Musetheque V4 for IPKNOWLEDGE allows an unauthenticated attacker to perform unauthorized actions.

Executive summary

A CSRF vulnerability in Fujitsu Musetheque V4 for IPKNOWLEDGE poses a high risk of unauthorized state-changing actions due to the lack of proper request validation.

Vulnerability

This is a Cross-Site Request Forgery (CWE-352) vulnerability. The application fails to validate the origin of requests, allowing an unauthenticated attacker to trick a legitimate user into performing unintended actions.

Business impact

With a CVSS score of 8.1, this vulnerability represents a high risk to organizational integrity. Successful exploitation could allow attackers to manipulate application data or perform administrative functions on behalf of an authenticated user, potentially leading to unauthorized data disclosure or service disruption.

Remediation

Immediate Action: Consult the official JVN advisory (JVN#69128376) for available patches or configuration changes provided by Fujitsu.

Proactive Monitoring: Review application access logs for suspicious request patterns and unusual administrative activity originating from unexpected referrers.

Compensating Controls: Deploy a Web Application Firewall (WAF) to inspect incoming traffic and block requests that lack proper CSRF tokens or originate from untrusted domains.

Exploitation status

Public Exploit Available: No (Exploit_available: false)

Analyst recommendation

Given the CVSS score of 8.1, this vulnerability should be prioritized for remediation. Organizations using affected versions of Musetheque V4 must verify their patch status through the vendor’s support channels and implement strict CSRF protections as recommended by the vendor.