CVE-2026-34408

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score

9.1 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N                                    

Vulnerability Description

An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.

Vulnerability Details

Published Date

May 05, 2026

Last Modified

May 06, 2026

CWE ID

CWE-640

Source

NVD

External References

https://herolab.usd.de/security-advisories/usd-2024-0002/
https://www.gambio.de/forum/threads/wichtiges-security-update-2024-02-v1-0-fuer-gx4-v4-0-0-0-bis-v4-9-2-0.50896/

CVE-2026-34408

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment