PT-2026-54834 · Mco · Mco

Hubert Decyusz

·

Published

2026-07-01

·

Updated

2026-07-06

·

CVE-2026-53908

CVSS v4.0

6.9

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions MCO version 25.3.3.1
Description The application is susceptible to user enumeration via authentication-related features. During password reset and username reminder operations, the system provides different responses depending on whether the user is valid or invalid. This behavior allows an attacker to identify and compile lists of valid usernames and email addresses.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-53908

Affected Products

Mco