CVE-2026-2543

Name of the Vulnerable Software and Affected Versions vichan-devel versions up to 5.1.5

Description A flaw exists in vichan-devel that allows for unverified password changes. This issue is located in the Password Change Handler component, specifically within the inc/mod/pages.php file. The Password argument can be manipulated to trigger the issue, enabling attackers to change passwords without proper verification. This attack can be carried out remotely. The vendor was notified but did not respond.

Recommendations Update vichan-devel to a version beyond 5.1.5.