CVE-2026-31881 | Runtipi up to 4.7.x Endpoint /api/auth/reset-password missing authentication (GHSA-96fm-whrc-cwg3)

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability was found in Runtipi up to 4.7.x. It has been declared as critical. Affected by this issue is some unknown functionality of the file /api/auth/reset-password of the component Endpoint. The manipulation results in missing authentication.

This vulnerability was named CVE-2026-31881. The attack may be performed from remote. There is no available exploit.

It is recommended to upgrade the affected component.

CVE-2026-31881 | Runtipi up to 4.7.x Endpoint /api/auth/reset-password missing authentication (GHSA-96fm-whrc-cwg3)

Post correlati

CVE-2023-39932 | Intel SUR for Gameplay Software prior 2.0.1901 uncontrolled search path (intel-sa-01004)

CVE-2024-39156 | idcCMS 1.35 keyWord_deal.php cross-site request forgery

CVE-2025-4171 | WZ Followed Posts Plugin up to 3.1.0 on WordPress Shortcode wfp cross site scripting

CVE-2024-28242 | Discourse up to 3.2.0/3.3.0.beta1 Category information disclosure