CVE-2026-44166 | Pocketbase up to 0.22.41/0.37.3 Password Reset improper authentication (GHSA-pq7p-mc74-g65w)

Inserito da Angelo Barbosa | Mag 12, 2026 | CVE

A vulnerability was found in Pocketbase up to 0.22.41/0.37.3 and classified as critical. The impacted element is an unknown function of the component Password Reset Handler. Executing a manipulation can lead to improper authentication.

The identification of this vulnerability is CVE-2026-44166. The attack may be launched remotely. Furthermore, there is an exploit available.

It is suggested to upgrade the affected component.

CVE-2026-44166 | Pocketbase up to 0.22.41/0.37.3 Password Reset improper authentication (GHSA-pq7p-mc74-g65w)

Post correlati

CVE-2024-41092 | Linux Kernel up to 5.10.220/5.15.161/6.1.96/6.6.36/6.9.7 i915_vma_revoke_fence use after free

CVE-2024-57026 | TawkTo Widget up to 1.3.7 cross site scripting

CVE-2025-13619 | Flex Store Users Plugin up to 1.1.0 on WordPress add_role_seller fs_type Remote Code Execution

CVE-2025-4304 | PHPGurukul Cyber Cafe Management System 1.0 /adminprofile.php mobilenumber sql injection