PT-2026-21908 · Feiyuchuixue · Sz-Boot-Parent

Yuccun · Published 2026-02-25 · Updated 2026-02-25 · CVE-2026-3186

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions: feiyuchuixue sz-boot-parent versions through 1.3.2-beta

Description: A flaw exists in the Password Reset Handler component of the software. This issue involves manipulation of the userId argument within the '/api/admin/sys-user/reset/password/' file, leading to the use of a default password. The attack can be initiated remotely and has been publicly disclosed. The project developers have addressed this by adding authorization validation to the password reset interface, restricting password resets to users with appropriate permissions.

Recommendations: Upgrade to version 1.3.3-beta.

Related Identifiers: CVE-2026-3186

Affected Products: Sz-Boot-Parent