PT-2026-41370 · Vvveb · Vvveb

Published

2026-05-15

·

Updated

2026-05-15

·

CVE-2026-46407

CVSS v3.1

8.1

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Vvveb versions prior to 1.0.8.3
Description The backend 'admin/auth-token' endpoint allows an authenticated administrator to access the REST API token list of another administrator by providing the admin id variable of that user. This flaw can lead to the disclosure of sensitive API tokens belonging to other administrators.
Recommendations Update to version 1.0.8.3.

Exploit

Fix

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-46407
GHSA-5G3G-X6MF-PWR6

Affected Products

Vvveb