SolarEdge Monitoring Platform CSRF and OOB Injection Vulnerability

60% confidence

Description

The solaredge-CSRF-Hijack vulnerability allows attackers to perform Cross-Site Request Forgery (CSRF) by exploiting an unvalidated session parameter generation endpoint. Additionally, an Out-of-Band (OOB) injection vulnerability exists via the `X-Forwarded-For` and `Referer` headers, enabling attackers to force the SolarEdge infrastructure to send requests to external domains, leading to session compromise and potential unauthorized control over photovoltaic systems.

Affected Products

Vendor	Product	Versions
solaredge technologies	solaredge monitoring	—

Related News (1 articles)

Tier C

Exploit-DB14h ago

[webapps] solaredge - (CSRF-OOB-Injection)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-352, CWE-918

PublishedMay 21, 2026

Last enriched32m ago

Community Vote

0 upvotes

SolarEdge Monitoring Platform CSRF and OOB Injection Vulnerability

Description

Affected Products

Related News (1 articles)

Community Vote

Pin to Dashboard

Verification

Vulnerability Timeline