CVE-2026-47181
HIGH
8,7
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Confidentiality: N/A
Integrity: N/A
Availability: N/A
Description
AI Translation Available
PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint allows any authenticated user to change the password of an account, leading to full account takeover. An attacker only needs a registered account and a valid password reset token for their own account. This issue has been patched in version 1.0.0.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0006
Percentile
0,2th
Updated
EPSS Score Trend (Last 6 Days)
20
Improper Input Validation
StableCommon Consequences
Security Scopes Affected:
Availability
Confidentiality
Integrity
Potential Impacts:
Dos: Crash, Exit, Or Restart
Dos: Resource Consumption (Cpu)
Dos: Resource Consumption (Memory)
Read Memory
Read Files Or Directories
Modify Memory
Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies:
AI/ML
943
Improper Neutralization of Special Elements in Data Query Logic
IncompleteCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Availability
Access Control
Potential Impacts:
Bypass Protection Mechanism
Read Application Data
Modify Application Data
Varies By Context
Applicable Platforms
All platforms may be affected
https://github.com/PenguinMod/PenguinMod-BackendApi/security/advisories/GHSA-ww…
https://github.com/PenguinMod/PenguinMod-BackendApi/security/advisories/GHSA-ww…