A vulnerability marked as critical has been reported in feiyuchuixue sz-boot-parent up to 1.3.2-beta. It affects unknown functionality of the file /api/admin/sys-user/reset/password/ in the component Password Reset Handler. Manipulation of the argument userId leads to use of a default password.

This vulnerability is tracked as CVE-2026-3186. The attack can be initiated remotely, and an exploit is available.

Upgrading the affected component is recommended.

The project was informed beforehand and acted very professionally: “We have added authorization validation to the password reset interface; now only users with the corresponding permissions are allowed to perform password resets.”
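
For deployments that ran an affected version, the web access log shows which clients called the reset endpoint before the authorization check existed. The script below is an added example, not code from this advisory or from the sz-boot-parent project. It assumes Combined Log Format; the sample lines, the HTTP method, the placement of userId and the `admin_clients` allow-list are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

RESET_PATH = "/api/admin/sys-user/reset/password/"  # endpoint named in the advisory

# Assumption: Common/Combined Log Format access logs.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation address ranges), not real traffic.
# The HTTP method and where userId is carried are assumptions; the matcher
# accepts any method and reads userId from a path segment or a query parameter.
SAMPLE_LOG = """\
192.0.2.10 - admin [01/Mar/2026:09:12:44 +0000] "PUT /api/admin/sys-user/reset/password/7 HTTP/1.1" 200 52
198.51.100.23 - - [01/Mar/2026:09:30:02 +0000] "PUT /api/admin/sys-user/reset/password/1 HTTP/1.1" 200 52
198.51.100.23 - - [01/Mar/2026:09:30:05 +0000] "PUT /api/admin/sys-user/reset/password/?userId=2 HTTP/1.1" 200 52
198.51.100.23 - - [01/Mar/2026:09:30:09 +0000] "PUT /api/admin/sys-user/reset/password/3 HTTP/1.1" 403 31
203.0.113.5 - - [01/Mar/2026:09:41:00 +0000] "GET /api/admin/sys-user/list HTTP/1.1" 200 900
"""


def reset_calls(lines):
    """Yield (client, user_id, status) for every request to the reset endpoint."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.startswith(RESET_PATH):
            continue
        tail = url.path[len(RESET_PATH):].strip("/")
        user_id = tail or parse_qs(url.query).get("userId", ["?"])[0]
        yield client, user_id, int(status)


def unexpected_resets(lines, admin_clients=frozenset()):
    """Map each non-admin client to the userIds it reset successfully (2xx)."""
    hits = defaultdict(set)
    for client, user_id, status in reset_calls(lines):
        if 200 <= status < 300 and client not in admin_clients:
            hits[client].add(user_id)
    return {client: sorted(ids) for client, ids in hits.items()}


if __name__ == "__main__":
    for client, ids in unexpected_resets(SAMPLE_LOG.splitlines(), {"192.0.2.10"}).items():
        print(f"{client}: reset password for userId(s) {', '.join(ids)}")
```

Accounts reported by the script were reset, which per the advisory means they hold the default password; set new passwords for them after upgrading.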