PT-2026-37035 · Elabftw · Elabftw

Bryanqb07 · Published 2026-05-05 · Updated 2026-05-12 · CVE-2026-28510

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.4.2

Description: The login flow in this open source electronic lab notebook does not reliably preserve the multi-factor authentication state across authentication steps. An attacker possessing valid primary credentials could, under certain conditions, use an attacker-controlled TOTP (Time-based One-Time Password) secret to bypass the additional authentication factor, leading to unauthorized account access.

Recommendations: Update to version 5.4.2.
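As an added illustration (not eLabFTW's code, which this advisory does not show), the following constructed two-step login in Python contrasts the weak pattern the description points at, a second factor whose verifying secret is not pinned to the identity and stored secret established in step one, with a hardened version; the account store, the session dict and the request dict are assumptions.

```python
import base64
import hashlib
import hmac
import struct

# Constructed account store (hypothetical, not eLabFTW's schema). The TOTP secret
# exists only here, server-side; "GEZDGNBVGY3TQOJQ" is base32 of "1234567890".
USERS = {"alice": {"password": "correct horse", "totp_secret": "GEZDGNBVGY3TQOJQ"}}

def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1; time is a parameter so results are reproducible."""
    mac = hmac.new(base64.b32decode(secret_b32), struct.pack(">Q", unix_time // step),
                   hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"

def step1_password(session: dict, username: str, password: str) -> bool:
    """First factor. The only MFA state it leaves is a server-side 'pending' marker."""
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["password"], password):
        return False
    session.clear()                          # discard state left over from earlier attempts
    session["mfa_pending_user"] = username   # never supplied by, or visible to, the client
    return True

def step2_totp_weak(session: dict, request: dict, unix_time: int) -> bool:
    """Weak pattern: the verifying secret is not pinned to the identity established in
    step 1, so a secret carried in the request (or any client-influenced state) wins."""
    username = session.get("mfa_pending_user")
    if username is None:
        return False
    secret = request.get("totp_secret", USERS[username]["totp_secret"])
    return hmac.compare_digest(totp(secret, unix_time), request.get("code", ""))

def step2_totp_hardened(session: dict, request: dict, unix_time: int) -> bool:
    """Hardened: only the stored secret of the user bound at step 1 is ever consulted,
    the pending marker is consumed on every attempt, and the request cannot replace it."""
    username = session.pop("mfa_pending_user", None)  # a failed attempt restarts the login
    if username is None:
        return False
    if hmac.compare_digest(totp(USERS[username]["totp_secret"], unix_time),
                           request.get("code", "")):
        session["authenticated_user"] = username
        return True
    return False
```

The check a reviewer wants is in the last function: the secret is looked up by the session-bound username, and nothing carried in the request can stand in for it.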

Fix


Weakness Enumeration

Related Identifiers

CVE-2026-28510

Affected Products

Elabftw