CVE-2026-26744

EPSS 0.29%
Veröffentlicht 19.02.2026 00:00:00
Zuletzt bearbeitet 26.02.2026 02:48:23
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A user enumeration vulnerability exists in FormaLMS 4.1.18 and below in the password recovery functionality accessible via the /lostpwd endpoint. The application returns different error messages for valid and invalid usernames allowing an unauthenticated attacker to determine which usernames are registered in the system through observable response discrepancy.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Formalms ≫ Formalms Version <= 4.1.18

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.207

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://github.com/formalms/formalms.git

Product

https://github.com/lorenzobruno7/CVE-2026-26744

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-26744

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-26744

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-26744

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-26744