PT-2026-21809 · Statmatic
Neosprings · Published 2026-02-24 · Updated 2026-03-20 · CVE-2026-27593
CVSS v3.1: 9.3 (Critical) | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
Statmatic 6.x versions prior to 6.3.3
Statmatic 5.x versions prior to 5.73.10
Description
A flaw in the password reset flow allows an attacker to obtain a user's password reset token and then use it to reset that user's password. The attacker must know the email address of a valid account and does not need to be authenticated (PR:N). Successful exploitation depends on the targeted user clicking a link in a password reset email that the user did not request (UI:R); the attacker initiates the reset, the victim's click exposes the token, and the attacker completes the reset. The impact is full compromise of the affected account's confidentiality and integrity.
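The advisory does not state the mechanism by which the token reaches the attacker, so the following is not Statmatic's code and not a description of the fixed defect. It is an added example of the properties a reset-token flow needs against exactly this threat model (an unauthenticated attacker who can trigger a reset for a known email and then relies on the victim clicking): the link is built from a server-side canonical origin rather than anything in the request, only a hash of the token is stored, the token expires, is single-use, and is superseded by any newer request for the same account. CANONICAL_ORIGIN, TOKEN_TTL_SECONDS and the in-memory store are assumptions for the illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import parse_qs, urlparse

# Assumed canonical site origin, configured server-side. Reset links are built
# from this value, never from host or URL data supplied by the incoming request.
CANONICAL_ORIGIN = "https://example.invalid"   # placeholder for the example
TOKEN_TTL_SECONDS = 15 * 60                      # assumed short lifetime


@dataclass
class ResetRecord:
    token_hash: str      # only the hash is stored; the raw token exists only in the email
    expires_at: float
    used: bool = False


@dataclass
class ResetStore:
    # keyed by normalized email address; at most one live record per account
    records: Dict[str, ResetRecord] = field(default_factory=dict)


def _hash_token(token: str) -> str:
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def request_reset(store: ResetStore, email: str, now: Optional[float] = None) -> str:
    """Create a fresh single-use token and return the link to send to the user.

    A new request overwrites any earlier record for the same account, so a
    token from an attacker-triggered request dies as soon as the account
    owner (or anyone) requests another one.
    """
    now = time.time() if now is None else now
    key = email.strip().lower()
    token = secrets.token_urlsafe(32)            # 256 bits from the OS CSPRNG
    store.records[key] = ResetRecord(_hash_token(token), now + TOKEN_TTL_SECONDS)
    return f"{CANONICAL_ORIGIN}/reset?token={token}"


def consume_reset(store: ResetStore, email: str, token: str,
                  now: Optional[float] = None) -> bool:
    """Accept a presented token only if it is the current one for this account,
    unexpired and unused; comparison is constant-time."""
    now = time.time() if now is None else now
    rec = store.records.get(email.strip().lower())
    if rec is None or rec.used or now >= rec.expires_at:
        return False
    if not hmac.compare_digest(rec.token_hash, _hash_token(token)):
        return False
    rec.used = True          # single use: a replayed or leaked token is worthless afterwards
    return True


def token_from_link(link: str) -> str:
    """Extract the token from a reset link (what the mail client hands to the site)."""
    return parse_qs(urlparse(link).query)["token"][0]
```

The design choice worth noting is that the token is never reflected anywhere except the canonical origin's reset endpoint: an attacker who can cause a reset email to be sent still has no channel to learn the token from the victim's click unless the application leaks it.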
Recommendations
Statmatic 6.x: update to version 6.3.3 or later.
Statmatic 5.x: update to version 5.73.10 or later.
Affected Products
Statmatic