CRITICALCVE-2026-34408Published 2026-05-05Modified 2026-05-06CNA mitre

CVE-2026-34408: An issue was discovered in Gambio 4

An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be bypassed to set arbitrary passwords for arbitrary accounts if the ID is known.

CVSS v3.1: 9.1
Severity: CRITICAL
Fixed in: —
Affected Products: 1

Affected packages

n/a / n/a
n/a

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

References

gambio.de
herolab.usd.de

Metrics