CVE-2026-47181 – PenguinMod-BackendApi: NoSQL Injection in Password Reset Endpoint Allows Account Takeover

CVE ID :CVE-2026-47181

Published : June 11, 2026, 6:49 p.m. | 30 minutes ago

Description :PenguinMod-BackendApi is the backend api for penguinmod. Prior to version 1.0.0, a NoSQL injection vulnerability in the password reset endpoint allows any authenticated user to change the password of an account, leading to full account takeover. An attacker only needs a registered account and a valid password reset token for their own account. This issue has been patched in version 1.0.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

server configuration 14KQyY

کانفیگ سرور چیست؟ نحوه کانفیگ سرور اختصاصی و مجازی

CVE-2026-53782 – Summarize < 0.17.0 SSRF via podcast:transcript URL fetch

CVE-2026-53781 – Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download

CVE-2026-49973 – Hermes WebUI < 0.51.358 Unauthenticated Password Takeover via /api/settings