CVE-2026-1670 - CVE Detail - IronMonkey Threat Research

Description

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address.

Additional Descriptions (1)

Los productos afectados son vulnerables a una exposición de endpoint de API no autenticado, lo que podría permitir a un atacante cambiar en remoto la dirección de correo electrónico de recuperación de 'olvidé mi contraseña'.

CVSS Metrics

Base Score: 9.8 (CRITICAL)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector	NETWORK
Attack Complexity	LOW
Privileges Required	NONE
User Interaction	NONE
Scope	UNCHANGED
Confidentiality Impact	HIGH
Integrity Impact	HIGH
Availability Impact	HIGH

Source: [email protected]

Type: Secondary

Exploitability Score: 3.9

Impact Score: 5.9

Base Score: 9.3 (CRITICAL)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector	NETWORK
Attack Complexity	LOW
Attack Requirements	NONE
Privileges Required	NONE
User Interaction	NONE
Vulnerability Confidentiality	HIGH
Vulnerability Integrity	HIGH
Vulnerability Availability	HIGH
Subsequent Confidentiality	NONE
Subsequent Integrity	NONE
Subsequent Availability	NONE