CVE-2026-1325

Name of the Vulnerable Software and Affected Versions Sangfor Operation and Maintenance Security Management System versions prior to 3.0.13

Description A security flaw exists in Sangfor Operation and Maintenance Security Management System. The issue involves the edit pwd mall function within the /fort/login/edit pwd mall file, where manipulation of the flag argument leads to weak password recovery. This allows for remote attacks. The exploit is publicly available. The vendor was notified but did not respond.

Recommendations Update Sangfor Operation and Maintenance Security Management System to version 3.0.13 or later. As a temporary workaround, restrict access to the edit pwd mall function. Avoid manipulating the flag argument in the edit pwd mall function.