PT-2026-22059 · Sub2Api · Sub2Api
Wei-Shaw · Published 2026-02-26 · Updated 2026-03-05 · CVE-2026-27812
CVSS v3.1: 9.1 Critical (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)
Name of the Vulnerable Software and Affected Versions
Sub2API versions prior to 0.1.85
Description
Sub2API is an AI API gateway platform for managing API quotas. A Password Reset Poisoning issue exists because the application trusts the request's Host and Forwarded headers when it constructs the password reset link. An attacker can inject a domain of their choosing into the password reset link, which can lead to account takeover via the affected endpoint.
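To make the bug class concrete, here is an added example that is not code from Sub2API or the advisory: a reset-link builder that derives its host from request headers (the pattern the description names) next to a hardened builder that uses an operator-configured base URL and a pre-send host check. Go is assumed as the language, the header precedence (X-Forwarded-Host, then Host), the /reset-password path, the configured base URL and the token value are all constructed for illustration and do not describe Sub2API's actual code.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// sampleToken is a constructed placeholder; a real token would be random and single-use.
const sampleToken = "tok_example_123"

// vulnerableResetLink shows the bug class: the link's host is taken from
// request-controlled headers (X-Forwarded-Host, then Host). A request carrying
// a spoofed header therefore yields a reset link pointing at a foreign domain,
// and the token is leaked when the victim clicks it.
func vulnerableResetLink(r *http.Request, token string) string {
	host := r.Header.Get("X-Forwarded-Host")
	if host == "" {
		host = r.Host
	}
	return fmt.Sprintf("https://%s/reset-password?token=%s", host, url.QueryEscape(token))
}

// hardenedResetLink ignores every request header and builds the link from an
// operator-configured public base URL (assumed config value), so no request can
// influence where the link points.
func hardenedResetLink(base *url.URL, token string) string {
	u := *base // copy so the configured value is never mutated
	u.Path = "/reset-password"
	u.RawQuery = url.Values{"token": {token}}.Encode()
	return u.String()
}

// hostMatchesConfig is a defensive pre-send check: the request's Host must equal
// the configured public host, otherwise the handler should reject and log the
// request instead of mailing anything. This catches spoofing attempts and
// misconfigured reverse proxies alike.
func hostMatchesConfig(r *http.Request, base *url.URL) bool {
	return r.Host == base.Host
}

func main() {
	// Constructed request: a forgot-password call that carries a spoofed
	// X-Forwarded-Host header while the real Host is the configured one.
	base, _ := url.Parse("https://sub2api.example.com")
	r := httptest.NewRequest("POST", "https://sub2api.example.com/api/forgot-password", nil)
	r.Header.Set("X-Forwarded-Host", "spoofed-host.invalid")

	fmt.Println("vulnerable:", vulnerableResetLink(r, sampleToken))
	fmt.Println("hardened:  ", hardenedResetLink(base, sampleToken))
	fmt.Println("host check:", hostMatchesConfig(r, base))

	// Same handler, but the spoofing happens through Host itself.
	r2 := httptest.NewRequest("POST", "https://spoofed-host.invalid/api/forgot-password", nil)
	fmt.Println("host check on spoofed Host:", hostMatchesConfig(r2, base))
}
```

The hardened builder is the fix shape the advisory's recommendation implies (a patched version no longer derives the link from the request); the host check is an extra layer worth keeping behind a reverse proxy, where a stray Forwarded header from an upstream hop would otherwise go unnoticed.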
Recommendations
Upgrade to version 0.1.85 or later.
Disable the "forgot password" feature until an upgrade to a patched version can be performed.
Weakness Enumeration
Improper Encoding or Escaping of Output
Related Identifiers
CVE-2026-27812
Affected Products
Sub2Api