Date: 
2026-July-08
Vulnerability: 
Cross site request forgery
Affected versions: 
<4.0.4 || >=4.1.0 <4.1.4 || >=11.0.0 <11.0.4
CVE IDs: 
CVE-2026-15080
Description: 

The Lingotek Ray Enterprise Translation provides multilingual site management.

The module fails to protect several state-changing administrative routes against Cross Site Request Forgery attacks. An attacker could trick a privileged user into visiting a crafted page that triggers actions such as updating callback settings, uploading or downloading translations, or changing translation state.

Solution: 

Install the latest version appropriate for your site

Reported By: 
Coordinated By: