CVE-2026-41308

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions Password Pusher versions prior to 1.69.3 Password Pusher versions prior to 2.4.2

Description An issue in the generic JSON API create path allows unauthenticated users to create file-type pushes under certain configurations, bypassing the intended authentication boundary.

Recommendations Update to version 1.69.3. Update to version 2.4.2.

Fix

Authentication Bypass Using an Alternate Path or Channel

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-288

Related Identifiers

CVE-2026-41308

Affected Products

Password Pusher

CVE-2026-41308

Weakness Enumeration

Related Identifiers

Affected Products

References · 5