CVE-2026-40588 | blueprintue blueprintue-self-hosted-edition up to 4.1.x Password Change /profile/{slug}/edit/ current_password unverified password change (GHSA-73f2-p9jr-m44x)

Inserito da Angelo Barbosa | Apr 21, 2026 | CVE

A vulnerability categorized as critical has been discovered in blueprintue blueprintue-self-hosted-edition up to 4.1.x. The affected element is an unknown function of the file /profile/{slug}/edit/ of the component Password Change Handler. Such manipulation of the argument current_password leads to unverified password change.

This vulnerability is uniquely identified as CVE-2026-40588. The attack can be launched remotely. No exploit exists.

It is advisable to upgrade the affected component.

CVE-2026-40588 | blueprintue blueprintue-self-hosted-edition up to 4.1.x Password Change /profile/{slug}/edit/ current_password unverified password change (GHSA-73f2-p9jr-m44x)

Post correlati

CVE-2026-4693 | Mozilla Firefox up to 148 Playback memory corruption

CVE-2024-12959 | 1000 Projects Portfolio Management System MCA 1.0 update_personal_details.php q sql injection

CVE-2024-4141 | Xpdf up to 4.04 Type 1 Font out-of-bounds write

CVE-2024-8460 | D-Link DNS-320 2.02b01 Web Management Interface /cgi-bin/widget_api.cgi getHD/getSer/getSys information disclosure (SAP10383)