CVE-2026-34408

Published: Mag 05, 2026 Last Modified: Mag 05, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.

https://herolab.usd.de/security-advisories/usd-2024-0002/
https://herolab.usd.de/security-advisories/usd-2024-0002/
https://www.gambio.de/forum/threads/wichtiges-security-upda…
https://www.gambio.de/forum/threads/wichtiges-security-update-2024-02-v1-0-fuer…