Report: CVE-2026-40043 - Pachno 1.0.6 Authentication Bypass via runSwitchUser()
CVE ID: CVE-2026-40043
Published: April 13, 2026, 7:16 p.m.
Description: Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges by manipulating the original_username cookie. Attackers can set the client-controlled original_username cookie to any value and request a switch to user ID 1 to obtain session tokens or password hashes belonging to administrator accounts.
Severity: 7.1 | HIGH
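
The class of flaw in the description above, modelled as an added example that is not Pachno's code: a switch-user action that treats a client-supplied cookie as proof of an earlier admin impersonation, next to a version that takes that fact only from server-side session state. All names other than the original_username cookie (User, Request, switch_user_weak, switch_user_hardened, original_user_id) are hypothetical, and the shape of the weak check is an assumption drawn from the description.

```python
from dataclasses import dataclass, field


@dataclass
class User:
    id: int
    username: str
    is_admin: bool = False


# Constructed sample accounts (not real data).
USERS = {1: User(1, "administrator", True), 7: User(7, "reporter")}


@dataclass
class Request:
    user: User                                   # authenticated caller
    cookies: dict = field(default_factory=dict)  # client-controlled input
    session: dict = field(default_factory=dict)  # server-side state only


def switch_user_weak(req, target_id):
    # Assumed flaw shape: any non-empty original_username cookie is accepted
    # as evidence that an administrator started this impersonation session.
    if not (req.user.is_admin or req.cookies.get("original_username")):
        return None
    return USERS.get(target_id)


def switch_user_hardened(req, target_id):
    # The impersonating identity is read from the server-side session and
    # re-checked on every switch; request cookies are never consulted.
    original_id = req.session.get("original_user_id", req.user.id)
    original = USERS.get(original_id)
    if original is None or not original.is_admin:
        return None
    target = USERS.get(target_id)
    if target is not None:
        # Record who is really behind the session so switching back works.
        req.session["original_user_id"] = original.id
    return target
```
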