Is this vulnerability remotely exploitable?

Yes. An attacker only needs network access to the affected Known instance and the ability to submit password reset requests; exploitation does not require local access or control of the victim's email account.

Does an attacker need to be authenticated to exploit this issue?

No. The flaw exists in the unauthenticated password reset workflow, allowing any external user to initiate a reset and obtain the exposed token.

What is the safest general fix pattern for this class of bug?

The safest approach is to treat password reset tokens as confidential, server-side secrets delivered only via secure channels (such as emailed links) and validated exclusively on the server, without ever rendering the raw token in HTML or exposing it in client-controllable contexts.

Severity:

CRITICAL RISK

(9.8)

Broken Authentication via Password Reset Token Exposure (CWE-640) in Known Social Publishing Platform

CVE-2026-26273

Published:

Feb 13, 2026

Status:

Received

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

NDV

Recent Vulnerabilities

CWE-306

CRITICAL RISK

CRITICAL

(9.8)

Missing Authentication for Forgot-Password Email Change API (CWE-306)

Account Takeover / Loss of Account Control

February 17, 2026

CWE-77;CWE-78

HIGH RISK

HIGH

(7.3)

OS Command Injection (CWE-78) in node-sonos-http-api TTS Provider for macOS

Remote Code Execution on the Server Host

February 17, 2026

Vulnerability Type

Category:

Broken Authentication

CWE:

CWE-200;CWE-640

Impact:

Account Takeover

Severity:

CRITICAL RISK

(9.8)

CVSS Version:

3.0

Vulnerability Type

Category:

Broken Authentication

CWE:

CWE-200;CWE-640

Impact:

Account Takeover

Severity:

CRITICAL RISK

(9.8)

CVSS Version:

3.0

Catch This CVE While Code Is Being Written

Detect vulnerable code directly in pull requests, so CVEs are fixed before merge.

Get Started

Ship clean & secure code faster

START 14 DAYS FREE TRIAL

BOOK A DEMO

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Made with Love in San Francisco

355 Bryant St. San Francisco, CA 94107, USA

Ask AI for summary of CodeAnt

Broken Authentication via Password Reset Token Exposure (CWE-640) in Known Social Publishing Platform

Summary

Affected Context

Exploit Preconditions

Why This Happens

Potential Impact

General Mitigation Guidance

How Teams Detect Issues Like This

Frequently Asked Questions

Source

Recent Vulnerabilities

CRITICAL RISK

CRITICAL

(9.8)

Missing Authentication for Forgot-Password Email Change API (CWE-306)

HIGH RISK

HIGH

(7.3)

OS Command Injection (CWE-78) in node-sonos-http-api TTS Provider for macOS

Vulnerability Type

Vulnerability Type

Vulnerability Type

Vulnerability Type

Catch This CVE While Code Is Being Written

Ship clean & secure code faster

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare

Product

Pricing

Company

Legal

Developers

Compare