PT-2026-21798 · Unknown · Eventsentry

Vulncheck · Published 2026-02-24 · Updated 2026-02-25 · CVE-2026-24443

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: EventSentry versions prior to 6.0.1.20

Description: The account management functionality in the EventSentry Web Reports interface allows a password to be changed without verifying the current password. An attacker who gains access to an authenticated user session can modify the account password without knowing the original credentials. This allows for persistent account takeover, potentially leading to privilege escalation if administrative accounts are compromised.

Recommendations: Update EventSentry to version 6.0.1.20 or later.

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2026-24443

Affected Products

Eventsentry