CVE-2026-26273

Name of the Vulnerable Software and Affected Versions Known versions prior to 1.6.3 Known version 1.6.2

Description A critical broken authentication issue exists in Known. The application reveals the password reset token within a hidden HTML input field on the password reset page. This allows an unauthenticated attacker to obtain the reset token for any user by querying the user's email, leading to full Account Takeover (ATO) without needing access to the victim's email inbox. The vulnerable page is accessible via a GET request using the victim’s email as a parameter. The sensitive token is embedded in an HTML input field with the name 'code'. The attacker can programmatically extract the token using a tool like curl. This allows the attacker to reset the victim's password and gain access to the account. This issue can lead to a total loss of Confidentiality, Integrity, and Availability, including the compromise of administrative accounts.

Recommendations Update to version 1.6.3 or later to resolve this issue.