Severity:
CRITICAL RISK
(9.1)
Password Reset Poisoning via Untrusted Host Headers (CWE-116) in Sub2API
CVE-2026-27812
Published:
Feb 25, 2026
Status:
Analyzed
Summary
Affected Context
Exploit Preconditions
Why This Happens
Potential Impact
General Mitigation Guidance
How Teams Detect Issues Like This
Frequently Asked Questions
Source
NDV
