PT-2024-35383 · Elabftw · Elabftw

·

CVE-2024-52586

·

Published

2024-12-09

·

Updated

2025-08-15

CVSS v3.1

7.8

High

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions eLabFTW versions 4.6.0 through 5.1.0
Description A vulnerability has been found in eLabFTW that allows an attacker to bypass the built-in multifactor authentication mechanism. This can be exploited by an attacker who can authenticate locally, allowing them to log in regardless of MFA requirements. It's noted that this does not affect MFA performed by single sign-on services.
Recommendations For versions 4.6.0 through 5.1.0, upgrade to at least version 5.1.9 to receive a fix.

Exploit

Fix

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2024-52586
GHSA-PVXR-39G3-M28C

Affected Products

Elabftw